Release

roles/cs.aws-logs-retention/tasks/main.yml

@@ -1,30 +1,16 @@
-- name: Fetch existing log groups per region
- shell: "aws logs describe-log-groups --region={{ region_info.region_name }}"
+- name: Fetch existing log groups only for selected region
+ shell: "aws logs describe-log-groups --region={{ aws_region }}"
  register: aws_log_rentention_describe
- when: region_info.opt_in_status == 'opt-in-not-required'
  changed_when: no
- loop: "{{ aws_regions }}"
- loop_control:
- loop_var: region_info
- label: "{{ region_info.region_name }}"
 
-- name: Get log groups with no retention for each region
+- name: Get log groups with no retention in selected region
  set_fact:
  data:
- groups: "{{ (result.stdout | from_json).logGroups | json_query('[?!retentionInDays].logGroupName') }}"
- region: "{{ result.region_info.region_name }}"
- when: result is not skipped
- loop: "{{ aws_log_rentention_describe.results }}"
- loop_control:
- loop_var: result
- label: "{{ result.region_info.region_name }}"
+ groups: "{{ (aws_log_rentention_describe.stdout | from_json).logGroups | json_query('[?!retentionInDays].logGroupName') }}"
+ region: "{{ aws_region }}"
+ when: aws_log_rentention_describe.stdout is defined
  register: aws_log_retention_groups
 
-- name: Set log retention for groups that do not have it
- shell: "aws logs put-retention-policy --log-group-name={{ item[1] }} --retention-in-days=7 --region={{ item[0].ansible_facts.data.region }}"
- with_subelements:
- - "{{ aws_log_retention_groups.results }}"
- - "ansible_facts.data.groups"
- loop_control:
- label: "{{ item[1] }}"
- ignore_errors: yes
+- name: Set log retention for groups without retention
+ shell: "aws logs put-retention-policy --log-group-name={{ item }} --retention-in-days=7 --region={{ aws_region }}"
+ loop: "{{ aws_log_retention_groups.ansible_facts.data.groups }}"

roles/cs.magento-configure/defaults/main/app-etc.yml

@@ -45,7 +45,6 @@ magento_app_etc_config:
  password: "{{ mageops_app_mysql_pass }}"
  model: mysql4
  engine: innodb
- initStatements: "SET NAMES utf8;"
  active: "1"
 
  resource:

roles/cs.new-relic/templates/newrelic.ini.j2

@@ -109,7 +109,7 @@ newrelic.logfile = "/var/log/newrelic/php_agent.log"
 ; list is considered the 'primary' application name and must be unique
 ; for each account / license key.
 ;
-newrelic.appname = "{{ new_relic_app_name }}"
+newrelic.appname = "{{ new_relic_app_name }}-cli"
 
 ; Setting: newrelic.process_host.display_name
 ; Type : string

roles/cs.nginx-language-redirect-multilevel/defaults/main.yml

@@ -33,9 +33,7 @@ nginx_language_redirect_multilevel_rules: []
 # rewrite:
 # source: "^/(.*)$"
 # target: "/en/$1"
-
-
-
+# rewrite_type: "permanent" # optional, default is "redirect"
 
 # configuration file paths
 nginx_language_redirect_multilevel_conf_filename: "30-language-redirect.conf"

roles/cs.nginx-language-redirect-multilevel/templates/language-redirect-rules.conf.j2

@@ -140,6 +140,6 @@ if ( $server_name != "{{ regex }}" ) {
 {# Render rewrite #}
 {% for rule in nginx_language_redirect_multilevel_rules %}
 if ( $match_{{loop.index}} = 1 ) {
- rewrite {{ rule.rewrite.source }} {{ rule.rewrite.target }} redirect;
+ rewrite {{ rule.rewrite.source }} {{ rule.rewrite.target }} {{ rule.rewrite.rewrite_type | default('redirect') }};
 }
 {% endfor %}

roles/cs.nginx-magento/templates/magento_vhost.conf.j2

@@ -1,3 +1,10 @@
+{% if nginx_custom_redirects %}
+ map $http_x_forwarded_proto $redirect_scheme {
+ default $scheme;
+ https https;
+}
+{% endif %}
+
 {% if nginx_magento_run_type in ('store', 'website') %}
 map $host $MAGE_RUN_CODE {
 {% if nginx_mage_default_run_code %}
@@ -36,7 +43,7 @@ server {
 
 {% if nginx_custom_redirects %}
  if ($perm_redirect_uri) {
- return 301 $scheme://$host$perm_redirect_uri;
+ return 301 $redirect_scheme://$host$perm_redirect_uri;
  }
 {% endif %}
 
@@ -100,7 +107,7 @@ server {
 
 {% if nginx_custom_redirects %}
  if ($perm_redirect_uri) {
- return 301 $scheme://$host$perm_redirect_uri;
+ return 301 $redirect_scheme://$host$perm_redirect_uri;
  }
 {% endif %}
 

roles/cs.php-fpm/templates/php-fpm.pool.conf

@@ -34,3 +34,7 @@ catch_workers_output = yes
 ; php_admin_value[error_log] = {{ php_fpm_log_dir_path }}/{{ php_fpm_pool_name }}.error.log
 php_admin_flag[log_errors] = on
 php_flag[expose_php] = off
+
+{% if mageops_new_relic_enabled | default(false, true) %}
+php_admin_value[newrelic.appname] = "{{ new_relic_app_name }}"
+{% endif %}

roles/cs.systemd-oomd/tasks/main.yml

@@ -10,15 +10,16 @@
  enabled: yes
  state: started
 
-- name: Check if psi=1 is already in kernel parameters
- ansible.builtin.shell:
- cmd: grubby --info=ALL | grep 'args.*psi=1'
+- name: Check if any kernel is missing psi=1
+ ansible.builtin.shell: |
+ set -o pipefail
+ grubby --info=ALL | grep args | grep -v "psi=1"
  register: _psi_check
  changed_when: false
  failed_when: _psi_check.rc > 1
 
 - name: Add psi=1 to kernel parameters using grubby
- ansible.builtin.shell:
- cmd: grubby --update-kernel=ALL --args=psi=1
- when: _psi_check.stdout == ""
- notify: Reboot System
+ ansible.builtin.shell: |
+ grubby --update-kernel=ALL --args=psi=1
+ when: _psi_check.stdout != ""
+ notify: Reboot System

roles/cs.varnish/defaults/main.yml

@@ -137,6 +137,8 @@ varnish_throttling_rules: []
 # This can be used to add for example generic POST limit
 varnish_throttling_rules_always: []
 
+varnish_user_agent_blacklist: []
+
 varnish_backend_instances_extra: []
 varnish_backend_instances_app:
  - private_ip_address: "{{ varnish_default_backend_ip }}"

roles/cs.varnish/templates/vcl/subroutines/recv.vcl.j2

@@ -14,6 +14,12 @@
  }
 {% endif %}
 
+{% if varnish_user_agent_blacklist | length > 0 %}
+ if (req.http.User-Agent && req.http.User-Agent ~ "(?i){{ varnish_user_agent_blacklist | join('|') }}") {
+ return (synth(401, "Restricted"));
+}
+{% endif %}
+
 {% if varnish_throttling_enabled %}
 {# Throttling shall be evaluated first after any redirects because if we throtthle then nothing else is done anyway #}
 {% include "vcl/subroutines/recv_throttling.vcl.j2" %}