diff --git a/roles/diagrams/meta/main.yml b/roles/diagrams/meta/main.yml index 5a1ad60..ed97d53 100644 --- a/roles/diagrams/meta/main.yml +++ b/roles/diagrams/meta/main.yml @@ -1,7 +1 @@ --- - -dependencies: - - role: repo_lux # EL8 doesn't have tomcat anymore - when: - - ansible_os_family == 'RedHat' - - ansible_distribution_major_version is version('8','>=') diff --git a/roles/glpi/defaults/main.yml b/roles/glpi/defaults/main.yml index 8bf7ff2..047ad76 100644 --- a/roles/glpi/defaults/main.yml +++ b/roles/glpi/defaults/main.yml @@ -2,9 +2,9 @@ glpi_id: 1 glpi_manage_upgrade: True -glpi_version: '10.0.6' +glpi_version: '10.0.7' glpi_archive_url: https://github.com/glpi-project/glpi/releases/download/{{ glpi_version }}/glpi-{{ glpi_version }}.tgz -glpi_archive_sha256: d30d915a7cdc2f0e117a38e86b528f787a41e5ffdf9c3a5f9f4a1b8a70bf91ce +glpi_archive_sha256: 0d51de960272d3d5b322e83d74a8261423d4baefad5ef815402591e8ead04e53 glpi_root_dir: /opt/glpi_{{ glpi_id }} glpi_php_user: php-glpi_{{ glpi_id }} # If set, will use the following custom PHP FPM pool, which must be created 
@@ -43,17 +43,17 @@ glpi_plugins: sha256: fe1b9ad1ef9bc95953e47dc6b0112e028ed98c43656aab608bf06d0cb5e1bf4c url: https://github.com/InfotelGLPI/manufacturersimports/releases/download/3.0.5/glpi-manufacturersimports-3.0.5.tar.bz2 tag: - version: 2.10.0 - sha256: e3777fb313cd9b2d2b2ee8ef3a25fd35f1103659fc01629a13052dd0572d8d72 - url: https://github.com/pluginsGLPI/tag/releases/download/2.10.0/glpi-tag-2.10.0.tar.bz2 + version: 2.11.0 + sha256: 8804753e72b32892d7e5564386c54843850d21cf60198ce5da90b7deae8663e8 + url: https://github.com/pluginsGLPI/tag/releases/download/2.11.0/glpi-tag-2.11.0.tar.bz2 mreporting: version: 1.8.2 sha256: 6563eb016d9e2106f2f3ac99eaf8add4260797526f7ece32b42df895ec2d90b4 url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.2/glpi-mreporting-1.8.2.tar.bz2 fields: - version: 1.20.0 - sha256: cb24179a4cc9f623b860e8b4a81a06ffa39c4c3baae98f2f71697f1b6eca1066 - url: https://github.com/pluginsGLPI/fields/releases/download/1.20.0/glpi-fields-1.20.0.tar.bz2 + version: 1.20.4 + sha256: e921ac7b5c76cd4b06e2855a69b74a944378614d4d7549d886def9362feee029 + url: https://github.com/pluginsGLPI/fields/releases/download/1.20.4/glpi-fields-1.20.4.tar.bz2 webapplications: version: 4.0.1 sha256: bbd3a9a01c2bd708af83563ed162ebfa9f56fdd616aaf6f1892e9a36e970ec9d diff --git a/roles/glpi/tasks/cleanup.yml b/roles/glpi/tasks/cleanup.yml index 4b7870a..53d3712 100644 --- a/roles/glpi/tasks/cleanup.yml +++ b/roles/glpi/tasks/cleanup.yml @@ -14,6 +14,7 @@ - "{{ glpi_root_dir }}/tmp/glpi" - "{{ glpi_root_dir }}/tmp/glpi-{{ glpi_version }}.tgz" - "{{ glpi_root_dir }}/db_dumps" + - "{{ glpi_root_dir }}/web/sso.php" - /etc/backup/pre.d/glpi_{{ glpi_id }}_dump_db - /etc/backup/post.d/glpi_{{ glpi_id }}_rm_dump tags: glpi diff --git a/roles/glpi/tasks/conf.yml b/roles/glpi/tasks/conf.yml index 49980fe..a7f7efc 100644 --- a/roles/glpi/tasks/conf.yml +++ b/roles/glpi/tasks/conf.yml 
@@ -31,7 +31,7 @@ tags: glpi - name: Deploy sso.php script - template: src=sso.php.j2 dest={{ glpi_root_dir }}/web/sso.php + template: src=sso.php.j2 dest={{ glpi_root_dir }}/web/public/sso.php tags: glpi - name: Deploy logrotate conf diff --git a/roles/glpi/templates/httpd.conf.j2 b/roles/glpi/templates/httpd.conf.j2 index b664f21..2598707 100644 --- a/roles/glpi/templates/httpd.conf.j2 +++ b/roles/glpi/templates/httpd.conf.j2 @@ -1,10 +1,10 @@ {% if glpi_alias is defined %} -Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web +Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web/public {% else %} # No alias defined, create a vhost to access it {% endif %} - + AllowOverride All Options FollowSymLinks {% if glpi_src_ip is defined %} @@ -12,18 +12,16 @@ Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web {% else %} Require all granted {% endif %} + + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^ index.php [L,QSA] + + # For some (unknown) reason, files at the root like apirest.php won't be handled by the rewrite rule + # So force SCRIPT_NAME here (except for sso.php which is in the public subdir) + ProxyFCGISetEnvIf "reqenv('Request_URI') !~ m/sso\.php$/" SCRIPT_FILENAME "{{ glpi_root_dir }}/web/public/index.php" SetHandler "proxy:unix:/run/php-fpm/{{ glpi_php_fpm_pool | default('glpi_' + glpi_id | string) }}.sock|fcgi://localhost" - - Require all denied - - - -{% for dir in [ 'scripts', 'locales', 'config', 'inc', 'vendor', '.github', 'bin' ] %} - - Require all denied - -{% endfor %} diff --git a/roles/glpi/templates/php.conf.j2 b/roles/glpi/templates/php.conf.j2 index 415a18a..5f5add4 100644 --- a/roles/glpi/templates/php.conf.j2 +++ b/roles/glpi/templates/php.conf.j2 
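Review bot: The relocated `template` task in roles/glpi/tasks/conf.yml still sets no `owner`, `group` or `mode`, so the permissions of a PHP script that now lands in the web-served `web/public` directory depend on the umask of the run. I would switch the task to native YAML arguments and pin them, e.g. `dest: "{{ glpi_root_dir }}/web/public/sso.php"` together with `mode: "0644"`, with owner and group matching the rest of the role, which this hunk does not show. The task list continues outside the hunk.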
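Review bot: The second hunk of roles/glpi/templates/httpd.conf.j2 removes every `Require all denied` block (the loop over `scripts`, `locales`, `config`, `inc`, `vendor`, `.github`, `bin` and the block just before it), so nothing in this template explicitly denies the application tree outside `web/public` any more. That is safe in the alias branch, but the no-alias branch relies on a vhost defined outside this diff; if its DocumentRoot still points at `{{ glpi_root_dir }}/web`, access to those directories depends only on the server-wide default. I would keep one explicit deny as defence in depth, i.e. a `<Directory {{ glpi_root_dir }}/web>` section holding `Require all denied`, which the more specific `web/public` section then overrides. The new comment also says SCRIPT_NAME while the directive sets `SCRIPT_FILENAME`, and it should name the variable actually set. The section tags are stripped on this page, so the exact placement is inferred.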
@@ -27,10 +27,12 @@ php_admin_value[sys_temp_dir] = {{ glpi_root_dir }}/tmp php_admin_value[post_max_size] = 100M php_admin_value[upload_max_filesize] = 100M php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd -php_admin_value[open_basedir] = {{ glpi_root_dir }}:/usr/share/pear/:/usr/share/php/ -php_admin_value[max_execution_time] = 60 +php_admin_value[open_basedir] = {{ glpi_root_dir }}:/usr/share/pear/:/usr/share/php/:/etc/redhat-release +php_admin_value[max_execution_time] = 600 php_admin_value[max_input_time] = 60 +php_admin_value[session.use_trans_sid] = 0 php_admin_flag[allow_url_include] = off php_admin_flag[allow_url_fopen] = off php_admin_flag[file_uploads] = on php_admin_flag[session.cookie_httponly] = on +php_admin_flag[session.auto_start] = off diff --git a/roles/repo_base/tasks/AlmaLinux-8.yml b/roles/repo_base/tasks/AlmaLinux-8.yml index 5032989..2e00368 100644 --- a/roles/repo_base/tasks/AlmaLinux-8.yml +++ b/roles/repo_base/tasks/AlmaLinux-8.yml @@ -28,6 +28,7 @@ file: path=/etc/yum.repos.d/{{ item }}.repo state=absent loop: - fws + - lux tags: repo - include_tasks: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml diff --git a/roles/repo_base/tasks/epel_RedHat-8.yml b/roles/repo_base/tasks/epel_RedHat-8.yml index bfbd5f1..560963e 100644 --- a/roles/repo_base/tasks/epel_RedHat-8.yml +++ b/roles/repo_base/tasks/epel_RedHat-8.yml 
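Review bot: `php_admin_value[max_execution_time] = 600` raises the limit tenfold for every request served by this pool, and nothing in roles/glpi/templates/php.conf.j2 says which operation needs it. Combined with the 100M `post_max_size` and `upload_max_filesize` kept above, slow or stuck requests can now hold FPM workers for up to ten minutes, which makes worker exhaustion easier. If only upgrades or imports need the longer limit, I would say so next to the line, e.g. `; raised for <operation>, ordinary web requests finish well under 60s`, or raise it only on the CLI/cron path. The `/etc/redhat-release` entry added to `open_basedir` deserves a similar one-line comment on why the application reads it.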
@@ -4,9 +4,9 @@
 yum_repository:
 name: epel
 description: "Extra Package for Enterprise Linux"
- baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Everything/$basearch http://mir01.syntis.net/epel/$releasever/Everything/$basearch
+ baseurl: https://fr2.rpmfind.net/linux/epel/$releasever/Everything/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Everything/$basearch
 gpgcheck: True
- gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-8
+ gpgkey: https://mirror.in2p3.fr/pub/epel/RPM-GPG-KEY-EPEL-8
 exclude: dehydrated
 tags: repo
@@ -14,7 +14,7 @@
 yum_repository:
 name: epel-modular
 description: "Extra Packages for Enterprise Linux Modular $releasever - $basearch"
- baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Modular/$basearch http://mir01.syntis.net/epel/$releasever/Modular/$basearch
+ baseurl: https://fr2.rpmfind.net/linux/epel/$releasever/Modular/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Modular/$basearch
 gpgcheck: True
- gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-8
+ gpgkey: https://mirror.in2p3.fr/pub/epel/RPM-GPG-KEY-EPEL-8
 tags: repo
diff --git a/roles/repo_base/tasks/epel_RedHat-9.yml b/roles/repo_base/tasks/epel_RedHat-9.yml
index c8a6e7b..cf4ab0e 100644
--- a/roles/repo_base/tasks/epel_RedHat-9.yml
+++ b/roles/repo_base/tasks/epel_RedHat-9.yml
@@ -4,9 +4,9 @@
 yum_repository:
 name: epel
 description: "Extra Package for Enterprise Linux"
- baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Everything/$basearch http://mir01.syntis.net/epel/$releasever/Everything/$basearch
+ baseurl: https://fr2.rpmfind.net/linux/epel/$releasever/Everything/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Everything/$basearch
 gpgcheck: True
- gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-9
+ gpgkey: https://mirror.in2p3.fr/pub/epel/RPM-GPG-KEY-EPEL-8
 exclude: dehydrated
 tags: repo
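Review bot: The new `gpgkey` in roles/repo_base/tasks/epel_RedHat-8.yml is downloaded from `mirror.in2p3.fr`, one of the two mirrors that also serve the packages, so `gpgcheck: True` only guards against a tampered mirror if the key comes from an independent source. Moving `baseurl` to https protects the transport but does not make the mirror itself more trustworthy. I would take the key from upstream, e.g. `gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8`, or ship it with the role and check its fingerprint before import. The same applies to the epel-modular hunk in this file and to the hunk in epel_RedHat-9.yml.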
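Review bot: In roles/repo_base/tasks/epel_RedHat-9.yml the new `gpgkey` points at `RPM-GPG-KEY-EPEL-8`, whereas the removed line used `RPM-GPG-KEY-EPEL-9`; this looks like a copy from the EL8 file. With `gpgcheck: True`, EL9 packages would be verified against the EL8 key, so signature checks should fail, or the wrong key ends up trusted on EL9 hosts. The line should read `gpgkey: https://mirror.in2p3.fr/pub/epel/RPM-GPG-KEY-EPEL-9`, assuming the mirror carries the EL9 key at the same path.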