Skip to content

v3.0.0: Merge branch 'develop' into master_merge_develop_v3

Latest
Latest
Compare
Choose a tag to compare
@xenithorb xenithorb released this 18 Feb 00:51
· 91 commits to develop since this release
v3.0.0
17124f8

Major refactoring for robustness and including Let's Encrypt support

  • Update NPM to 5.6.0

  • Adding httpd_sys_content_t role for selinux to allow traffic to well_known folder

  • Change the way NPM and NodeJS are installed for robustness

    • rocket_chat_node_path is now rocket_chat_node_prefix` without the /bin
    • rocket_chat_node_orig_npm is now rockat_chat_npm_dist
    • Add new:
      • rocket_chat_node_path: path to installed node binary
      • rocket_chat_npm_version: Explicit NPM version
      • rocket_chat_npm_path: path to installed npm binary
      • rocket_chat_npm_dist: path to distribution NPM

  • Add rocket_chat_letsencrypt_force_renew: false

  • SELinux: Restorecon well-known directory for let's encrypt

  • Re-order instantiation of rocket_chat_service_group,user in order
    to fix a conflict

  • Check for privilege escalation rights (i.e. sudo)
    This is required in order to become a different user than the SSH user

  • Add Fedora support 24+

  • Enable HTTP/2 support if the nginx server supports it

  • Enhance SSL options to meet current secure standards (HSTS ENABLED!)

  • Vagrantfile:

    • Add Fedora 24 and 25 support

  • Add gcc-c++ and policycoreutils-python for RedHat distros that may
    need to compile certain dependencies

  • Fix Installing cron on jessie docker fails the build

Let's Encrypt Support!

  • Add rocket_chat_letsencrypt_* variables to defaults/main.yml

  • Add tasks/letsencrypt.yml utilizing acme-tiny.py for SSL certs

  • Inserts cronjob in /etc/cron.monthly/acme-tiny_renew.sh to keep
    things current (perhaps systemd timer in the future)\

  • Set newly generated generic RSA certs to 4096 bits

  • Add .well-known path for ACME in templates/rocket_chat.conf

  • Add cron to dependencies

  • Replace the use of the file module for permission recursion with chown

    I've noticed over the course of using the role myself and testing that
    the use of Ansible's file module to recursively ensure permissions for
    the bundle directory is quite slow and can significantly impact the time
    it takes the role to complete. Chown in this instance is much, much
    faster. I'm commenting out the old functionality for posterity but will
    probably remove it in the future or revert back to Ansible's way if it
    improves in speed.

  • Use the n version of node to install instead of system version:

    It doesn't seem right to use the original node binary to install
    rocket.chat, especially on systems that use much older versions of node,
    like on CentOS.

  • Update download path and sha256 sum to reference latest

  • Update NodeJS to latest LTS version 8.9.4

Assets 2
Loading