diff --git a/.gitignore b/.gitignore
index 50e375e..e107c13 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,23 +1,28 @@
-SOURCES/ansible-posix-1.3.0.tar.gz
-SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
-SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
-SOURCES/certificate-1.1.3.tar.gz
-SOURCES/cockpit-1.2.1.tar.gz
-SOURCES/community-general-4.6.0.tar.gz
-SOURCES/crypto_policies-1.2.3.tar.gz
-SOURCES/firewall-1.1.0.tar.gz
-SOURCES/ha_cluster-1.4.1.tar.gz
-SOURCES/kdump-1.2.2.tar.gz
-SOURCES/kernel_settings-1.1.6.tar.gz
-SOURCES/logging-1.8.1.tar.gz
-SOURCES/metrics-1.5.1.tar.gz
-SOURCES/nbde_client-1.2.2.tar.gz
-SOURCES/nbde_server-1.1.2.tar.gz
-SOURCES/network-1.7.1.tar.gz
-SOURCES/postfix-1.2.0.tar.gz
-SOURCES/selinux-1.3.4.tar.gz
-SOURCES/ssh-1.1.4.tar.gz
-SOURCES/storage-1.7.0.tar.gz
-SOURCES/timesync-1.6.6.tar.gz
-SOURCES/tlog-1.2.6.tar.gz
-SOURCES/vpn-1.3.2.tar.gz
+SOURCES/ad_integration-1.1.0.tar.gz
+SOURCES/ansible-posix-1.5.2.tar.gz
+SOURCES/ansible-sshd-v0.19.0.tar.gz
+SOURCES/auto-maintenance-f8932b3155a3cb7579a2b3c453578f7bee6bb837.tar.gz
+SOURCES/certificate-1.1.11.tar.gz
+SOURCES/cockpit-1.4.5.tar.gz
+SOURCES/community-general-6.6.0.tar.gz
+SOURCES/containers-podman-1.10.1.tar.gz
+SOURCES/crypto_policies-1.2.9.tar.gz
+SOURCES/firewall-1.4.4.tar.gz
+SOURCES/ha_cluster-1.9.2.tar.gz
+SOURCES/journald-1.0.3.tar.gz
+SOURCES/kdump-1.2.9.tar.gz
+SOURCES/kernel_settings-1.1.15.tar.gz
+SOURCES/logging-1.11.7.tar.gz
+SOURCES/metrics-1.8.4.tar.gz
+SOURCES/nbde_client-1.2.13.tar.gz
+SOURCES/nbde_server-1.3.5.tar.gz
+SOURCES/network-1.11.4.tar.gz
+SOURCES/podman-1.1.5.tar.gz
+SOURCES/postfix-1.3.6.tar.gz
+SOURCES/rhc-1.1.2.tar.gz
+SOURCES/selinux-1.5.9.tar.gz
+SOURCES/ssh-1.1.15.tar.gz
+SOURCES/storage-1.9.8.tar.gz
+SOURCES/timesync-1.7.5.tar.gz
+SOURCES/tlog-1.2.14.tar.gz
+SOURCES/vpn-1.5.6.tar.gz
diff --git a/.rhel-system-roles.metadata b/.rhel-system-roles.metadata
index c7602f8..a4fff7f 100644
--- a/.rhel-system-roles.metadata
+++ b/.rhel-system-roles.metadata
@@ -1,23 +1,28 @@
-d2d2382c38eaf34d2295aba2aa4652d75ebbaeef SOURCES/ansible-posix-1.3.0.tar.gz
-a4d4556cf6628e87fa62dec6c46099338b499930 SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
-a2ec14498a7fd213f08dd24ca139039c958b07fd SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
-cee41b5fd6359e9ddeb83c5af7b8057fef6b2334 SOURCES/certificate-1.1.3.tar.gz
-004064268df0e7dd154331b7799272d3277388d4 SOURCES/cockpit-1.2.1.tar.gz
-ad8684050c86bad7ce4882a84e14be6867a56d8d SOURCES/community-general-4.6.0.tar.gz
-0684c1335923ba8ebbb05afbd507e5ff31f874d6 SOURCES/crypto_policies-1.2.3.tar.gz
-fcb8d48ccaeba886859ce6afd3d14bbb3f8a5667 SOURCES/firewall-1.1.0.tar.gz
-9a990a4908bdf3269bce4f214907623780a5e221 SOURCES/ha_cluster-1.4.1.tar.gz
-a1c9c89dea1dbe2410465c29ad0e1d3637ac5f52 SOURCES/kdump-1.2.2.tar.gz
-0a681d1e3b236c4750d663f2a833e786a5e958ab SOURCES/kernel_settings-1.1.6.tar.gz
-e530528ba5f9478cc8604aa6612388ea8e5078af SOURCES/logging-1.8.1.tar.gz
-430ce63a7b45b97305e4f8591192fa7e58af8292 SOURCES/metrics-1.5.1.tar.gz
-0424321322eb4d80560a8d2d9fee406296728463 SOURCES/nbde_client-1.2.2.tar.gz
-33f0a3ea008021e69b2bbd7b25f6536f91e7613d SOURCES/nbde_server-1.1.2.tar.gz
-dcd2261fe6b6a998aca3eb6c968204152e2ffd51 SOURCES/network-1.7.1.tar.gz
-95c54da9ef5acaae9553f2c4ed250452502ab9e0 SOURCES/postfix-1.2.0.tar.gz
-4e5c5216814577ee55304721e5c811ed8857efbc SOURCES/selinux-1.3.4.tar.gz
-f38972c4b22a9f226b58725c7e9ba8fac692bba2 SOURCES/ssh-1.1.4.tar.gz
-0728b4e01261f84ce470431a4ea21907db75f26a SOURCES/storage-1.7.0.tar.gz
-0bd118c9df9bf556a76d42c92bde11fde5553eba SOURCES/timesync-1.6.6.tar.gz
-d10a0dd866c1ce982d2ba22500718df3fb2ab766 SOURCES/tlog-1.2.6.tar.gz
-d1bb00636c04bc1b2d94ce0e491afe9ef921cd56 SOURCES/vpn-1.3.2.tar.gz
+e82f7b4e4fc2c122cec0c00dc4e0a2842621098b SOURCES/ad_integration-1.1.0.tar.gz
+7e167df15dacf6e9bc881334ac3e9c3559d08c65 SOURCES/ansible-posix-1.5.2.tar.gz
+edcfa5243b2e74c50ab8fd17f514bbc9df693c06 SOURCES/ansible-sshd-v0.19.0.tar.gz
+51d1a1d7f8b0091c7d4de336a6fb70d94e543944 SOURCES/auto-maintenance-f8932b3155a3cb7579a2b3c453578f7bee6bb837.tar.gz
+e20cefc120d4b5479ddc85c25569a616d4ec85e3 SOURCES/certificate-1.1.11.tar.gz
+707bf93df61a8d72ddcb00d047bffb043be5d88f SOURCES/cockpit-1.4.5.tar.gz
+09ae6be895c593d5c7e50f1a5fe5283c9b18e577 SOURCES/community-general-6.6.0.tar.gz
+ccb070885fd455bb6e7f2b8ca050d40d30609fec SOURCES/containers-podman-1.10.1.tar.gz
+8d10b260dfc1c4929aab17dbee575c8e602af481 SOURCES/crypto_policies-1.2.9.tar.gz
+d4a0b3e4bddd3ed2e9f744ff9162fa5a8fdeae13 SOURCES/firewall-1.4.4.tar.gz
+a31f8991f824989a84f03dfe59dc00798d7bed56 SOURCES/ha_cluster-1.9.2.tar.gz
+75d5143f647ecd14acbcd7200f7f2d3d122d07f9 SOURCES/journald-1.0.3.tar.gz
+a19f33b974f47d43e181e20a8b347e99ac006586 SOURCES/kdump-1.2.9.tar.gz
+c29c657b9d69ffb044bd0dbf548285afe8b24c40 SOURCES/kernel_settings-1.1.15.tar.gz
+e3165b696a1be616cade1dcf67666bafe0732207 SOURCES/logging-1.11.7.tar.gz
+99aebd5d91ce9c658c6dd567136f79944154e2e0 SOURCES/metrics-1.8.4.tar.gz
+5f647edf042def87ddacd42ad24ac94451d08f9f SOURCES/nbde_client-1.2.13.tar.gz
+b197a1d7369dba1e7d6730768d9ffa8c1da1b09f SOURCES/nbde_server-1.3.5.tar.gz
+7ac2d8a3d3a62bda223dd7b95e6472cb82dc511f SOURCES/network-1.11.4.tar.gz
+55d2368fdc84637c36e817dc17265cf9d2ffacd9 SOURCES/podman-1.1.5.tar.gz
+a5b8496013cd07804067becb89e92ab7014b334c SOURCES/postfix-1.3.6.tar.gz
+4fa42d7f5a8f51e0312095b0d70eddc25fb18b90 SOURCES/rhc-1.1.2.tar.gz
+530f39c2246c95a71633d26fcc3e9fdb62bb696d SOURCES/selinux-1.5.9.tar.gz
+9e4363507d8703a84550c939cd07841b68d49a75 SOURCES/ssh-1.1.15.tar.gz
+709cd07f6524be4672fe29af6d335595afe49c60 SOURCES/storage-1.9.8.tar.gz
+bd1ae00cb7d7bf3999f881b36bdbd13e18d37094 SOURCES/timesync-1.7.5.tar.gz
+db272bcf2e9758f57160c94710daca2b67933d40 SOURCES/tlog-1.2.14.tar.gz
+2b1b07ede55e470cf1debfcee6c9ef7519701567 SOURCES/vpn-1.5.6.tar.gz
diff --git a/SOURCES/Bug-2098226-storage-role-raid_level-striped-is-not-supported.patch b/SOURCES/Bug-2098226-storage-role-raid_level-striped-is-not-supported.patch deleted file mode 100644 index a57114b..0000000 --- a/SOURCES/Bug-2098226-storage-role-raid_level-striped-is-not-supported.patch +++ /dev/null 
@@ -1,151 +0,0 @@ -From acb99e74a24fa07863c596fe59d2999adc28c249 Mon Sep 17 00:00:00 2001 -From: Vojtech Trefny -Date: Thu, 2 Jun 2022 15:18:19 +0200 -Subject: [PATCH] LVM RAID raid0 level support (#272) - -* Add workaround for missing LVM raid0 support in blivet - -Blivet supports creating LVs with segment type "raid0" but it is -not in the list of supported RAID levels. This will be fixed in -blivet, see https://github.com/storaged-project/blivet/pull/1047 - -* Add a test for LVM RAID raid0 level - -* README: Remove "striped" from the list of supported RAID for pools - -We use MD RAID for RAIDs on the pool level which doesn't support -"striped" level. - -* README: Clarify supported volume RAID levels - -We support different levels for LVM RAID and MD RAID. - -(cherry picked from commit 8b868a348155b08479743945aba88271121ad4b0) ---- - README.md | 7 ++- - library/blivet.py | 7 +++ - tests/tests_create_raid_pool_then_remove.yml | 54 ++++++++++++++++++++ - 3 files changed, 66 insertions(+), 2 deletions(-) - -diff --git a/README.md b/README.md -index f8e3daa..bd123d7 100644 ---- a/README.md -+++ b/README.md -@@ -54,7 +54,7 @@ device node basename (like `sda` or `mpathb`), /dev/disk/ symlink - ##### `raid_level` - When used with `type: lvm` it manages a volume group with a mdraid array of given level - on it. Input `disks` are in this case used as RAID members. --Accepted values are: `linear`, `striped`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10` -+Accepted values are: `linear`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10` - - ##### `volumes` - This is a list of volumes that belong to the current pool. It follows the -@@ -136,7 +136,10 @@ Specifies RAID level. LVM RAID can be created as well. - "Regular" RAID volume requires type to be `raid`. - LVM RAID needs that volume has `storage_pools` parent with type `lvm`, - `raid_disks` need to be specified as well. 
--Accepted values are: `linear` (N/A for LVM RAID), `striped`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10` -+Accepted values are: -+* for LVM RAID volume: `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`, `striped`, `mirror` -+* for RAID volume: `linear`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10` -+ - __WARNING__: Changing `raid_level` for a volume is a destructive operation, meaning - all data on that volume will be lost as part of the process of - removing old and adding new RAID. RAID reshaping is currently not -diff --git a/library/blivet.py b/library/blivet.py -index 29552fa..33c93b2 100644 ---- a/library/blivet.py -+++ b/library/blivet.py -@@ -118,6 +118,7 @@ LIB_IMP_ERR = "" - try: - from blivet3 import Blivet - from blivet3.callbacks import callbacks -+ from blivet3 import devicelibs - from blivet3 import devices - from blivet3.deviceaction import ActionConfigureFormat - from blivet3.flags import flags as blivet_flags -@@ -132,6 +133,7 @@ except ImportError: - try: - from blivet import Blivet - from blivet.callbacks import callbacks -+ from blivet import devicelibs - from blivet import devices - from blivet.deviceaction import ActionConfigureFormat - from blivet.flags import flags as blivet_flags -@@ -152,6 +154,11 @@ if BLIVET_PACKAGE: - set_up_logging() - log = logging.getLogger(BLIVET_PACKAGE + ".ansible") - -+ # XXX add support for LVM RAID raid0 level -+ devicelibs.lvm.raid_levels.add_raid_level(devicelibs.raid.RAID0) -+ if "raid0" not in devicelibs.lvm.raid_seg_types: -+ devicelibs.lvm.raid_seg_types.append("raid0") -+ - - MAX_TRIM_PERCENT = 2 - -diff --git a/tests/tests_create_raid_pool_then_remove.yml b/tests/tests_create_raid_pool_then_remove.yml -index d81680d..1fb4e15 100644 ---- a/tests/tests_create_raid_pool_then_remove.yml -+++ b/tests/tests_create_raid_pool_then_remove.yml -@@ -150,3 +150,57 @@ - raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}" - - - include_tasks: verify-role-results.yml -+ -+ - name: Create 
a RAID0 lvm raid device -+ include_role: -+ name: linux-system-roles.storage -+ vars: -+ storage_pools: -+ - name: vg1 -+ disks: "{{ unused_disks }}" -+ type: lvm -+ state: present -+ volumes: -+ - name: lv1 -+ size: "{{ volume1_size }}" -+ mount_point: "{{ mount_location1 }}" -+ raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}" -+ raid_level: raid0 -+ -+ - include_tasks: verify-role-results.yml -+ -+ - name: Repeat the previous invocation to verify idempotence -+ include_role: -+ name: linux-system-roles.storage -+ vars: -+ storage_pools: -+ - name: vg1 -+ disks: "{{ unused_disks }}" -+ type: lvm -+ state: present -+ volumes: -+ - name: lv1 -+ size: "{{ volume1_size }}" -+ mount_point: "{{ mount_location1 }}" -+ raid_level: raid0 -+ raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}" -+ -+ - include_tasks: verify-role-results.yml -+ -+ - name: Remove the device created above -+ include_role: -+ name: linux-system-roles.storage -+ vars: -+ storage_pools: -+ - name: vg1 -+ disks: "{{ unused_disks }}" -+ type: lvm -+ state: absent -+ volumes: -+ - name: lv1 -+ size: "{{ volume1_size }}" -+ mount_point: "{{ mount_location1 }}" -+ raid_level: raid0 -+ raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}" -+ -+ - include_tasks: verify-role-results.yml --- -2.35.3 - diff --git a/SOURCES/Bug-2098227-storage-role-cannot-set-mount_options-for-volumes.patch b/SOURCES/Bug-2098227-storage-role-cannot-set-mount_options-for-volumes.patch deleted file mode 100644 index 3d5baed..0000000 --- a/SOURCES/Bug-2098227-storage-role-cannot-set-mount_options-for-volumes.patch +++ /dev/null 
@@ -1,192 +0,0 @@ -From ba8a97039805f488c26b4d857f0137a349359c23 Mon Sep 17 00:00:00 2001 -From: Richard Megginson -Date: Mon, 16 May 2022 07:51:43 -0600 -Subject: [PATCH] add support for mount_options (#270) - -* add support for mount_options - -When support for argument validation was added, that support did not -include the `mount_options` parameter. This fix adds back that -parameter. In addition, the volume module arguments are refactored -so that the common volume parameters such as `mount_options` can be -specified in one place. - -This adds a test for the `mount_options` parameter, and adds -verification for that parameter. - -* only checkout mount_options if requested - -(cherry picked from commit ecf3d04bb704db5c1a095aaef40c2372fd45d4d6) ---- - library/blivet.py | 78 ++++++++++++++---------------- - tests/test-verify-volume-fstab.yml | 22 ++++++++- - tests/tests_misc.yml | 3 ++ - 3 files changed, 60 insertions(+), 43 deletions(-) - -diff --git a/library/blivet.py b/library/blivet.py -index 80575bb..29552fa 100644 ---- a/library/blivet.py -+++ b/library/blivet.py -@@ -105,6 +105,7 @@ volumes: - elements: dict - ''' - -+import copy - import logging - import os - import traceback -@@ -1500,6 +1501,39 @@ def activate_swaps(b, pools, volumes): - - def run_module(): - # available arguments/parameters that a user can pass -+ common_volume_opts = dict(encryption=dict(type='bool'), -+ encryption_cipher=dict(type='str'), -+ encryption_key=dict(type='str'), -+ encryption_key_size=dict(type='int'), -+ encryption_luks_version=dict(type='str'), -+ encryption_password=dict(type='str'), -+ fs_create_options=dict(type='str'), -+ fs_label=dict(type='str', default=''), -+ fs_type=dict(type='str'), -+ mount_options=dict(type='str'), -+ mount_point=dict(type='str'), -+ name=dict(type='str'), -+ raid_level=dict(type='str'), -+ size=dict(type='str'), -+ state=dict(type='str', default='present', choices=['present', 'absent']), -+ type=dict(type='str')) -+ volume_opts = 
copy.deepcopy(common_volume_opts) -+ volume_opts.update( -+ dict(disks=dict(type='list'), -+ raid_device_count=dict(type='int'), -+ raid_spare_count=dict(type='int'), -+ raid_metadata_version=dict(type='str'))) -+ pool_volume_opts = copy.deepcopy(common_volume_opts) -+ pool_volume_opts.update( -+ dict(cached=dict(type='bool'), -+ cache_devices=dict(type='list', elements='str', default=list()), -+ cache_mode=dict(type='str'), -+ cache_size=dict(type='str'), -+ compression=dict(type='bool'), -+ deduplication=dict(type='bool'), -+ raid_disks=dict(type='list', elements='str', default=list()), -+ vdo_pool_size=dict(type='str'))) -+ - module_args = dict( - pools=dict(type='list', elements='dict', - options=dict(disks=dict(type='list', elements='str', default=list()), -@@ -1517,49 +1551,9 @@ def run_module(): - state=dict(type='str', default='present', choices=['present', 'absent']), - type=dict(type='str'), - volumes=dict(type='list', elements='dict', default=list(), -- options=dict(cached=dict(type='bool'), -- cache_devices=dict(type='list', elements='str', default=list()), -- cache_mode=dict(type='str'), -- cache_size=dict(type='str'), -- compression=dict(type='bool'), -- deduplication=dict(type='bool'), -- encryption=dict(type='bool'), -- encryption_cipher=dict(type='str'), -- encryption_key=dict(type='str'), -- encryption_key_size=dict(type='int'), -- encryption_luks_version=dict(type='str'), -- encryption_password=dict(type='str'), -- fs_create_options=dict(type='str'), -- fs_label=dict(type='str', default=''), -- fs_type=dict(type='str'), -- mount_point=dict(type='str'), -- name=dict(type='str'), -- raid_disks=dict(type='list', elements='str', default=list()), -- raid_level=dict(type='str'), -- size=dict(type='str'), -- state=dict(type='str', default='present', choices=['present', 'absent']), -- type=dict(type='str'), -- vdo_pool_size=dict(type='str'))))), -+ options=pool_volume_opts))), - volumes=dict(type='list', elements='dict', -- 
options=dict(disks=dict(type='list'), -- encryption=dict(type='bool'), -- encryption_cipher=dict(type='str'), -- encryption_key=dict(type='str'), -- encryption_key_size=dict(type='int'), -- encryption_luks_version=dict(type='str'), -- encryption_password=dict(type='str'), -- fs_create_options=dict(type='str'), -- fs_label=dict(type='str', default=''), -- fs_type=dict(type='str'), -- mount_point=dict(type='str'), -- name=dict(type='str'), -- raid_level=dict(type='str'), -- raid_device_count=dict(type='int'), -- raid_spare_count=dict(type='int'), -- raid_metadata_version=dict(type='str'), -- size=dict(type='str'), -- state=dict(type='str', default='present', choices=['present', 'absent']), -- type=dict(type='str'))), -+ options=volume_opts), - packages_only=dict(type='bool', required=False, default=False), - disklabel_type=dict(type='str', required=False, default=None), - safe_mode=dict(type='bool', required=False, default=True), -diff --git a/tests/test-verify-volume-fstab.yml b/tests/test-verify-volume-fstab.yml -index 80d78f0..0091084 100644 ---- a/tests/test-verify-volume-fstab.yml -+++ b/tests/test-verify-volume-fstab.yml -@@ -11,6 +11,15 @@ - storage_test_fstab_expected_mount_point_matches: "{{ 1 - if (_storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_point.startswith('/')) - else 0 }}" -+ storage_test_fstab_mount_options_matches: "{{ storage_test_fstab.stdout_lines | -+ map('regex_search', ' ' + storage_test_volume.mount_point + ' .* ' + storage_test_volume.mount_options + ' +') | -+ select('string')|list if ( -+ storage_test_volume.mount_options|d('none',true) != 'none' -+ and storage_test_volume.mount_point|d('none',true) != 'none' -+ ) else [] }}" -+ storage_test_fstab_expected_mount_options_matches: "{{ 1 -+ if (_storage_test_volume_present and storage_test_volume.mount_options) -+ else 0 }}" - - # device id - - name: Verify that the device identifier appears in /etc/fstab -@@ -26,7 +35,16 @@ - msg: "Expected 
number ({{ storage_test_fstab_expected_mount_point_matches }}) of - entries with volume '{{ storage_test_volume.name }}' mount point not found in /etc/fstab." - --# todo: options -+# mount options -+- name: Verify mount_options -+ assert: -+ that: storage_test_fstab_mount_options_matches|length == storage_test_fstab_expected_mount_options_matches|int -+ msg: "Expected number ({{ storage_test_fstab_expected_mount_options_matches }}) of -+ entries with volume '{{ storage_test_volume.name }}' mount options not found in /etc/fstab." -+ when: -+ - __storage_verify_mount_options | d(false) -+ - "'mount_options' in storage_test_volume" -+ - "'mount_point' in storage_test_volume" - - - name: Clean up variables - set_fact: -@@ -34,3 +52,5 @@ - storage_test_fstab_mount_point_matches: null - storage_test_fstab_expected_id_matches: null - storage_test_fstab_expected_mount_point_matches: null -+ storage_test_fstab_mount_options_matches: null -+ storage_test_fstab_expected_mount_options_matches: null -diff --git a/tests/tests_misc.yml b/tests/tests_misc.yml -index 159c959..97c1627 100644 ---- a/tests/tests_misc.yml -+++ b/tests/tests_misc.yml -@@ -189,8 +189,11 @@ - fs_type: 'ext4' - fs_create_options: '-F' - mount_point: "{{ mount_location }}" -+ mount_options: rw,noatime,defaults - - - include_tasks: verify-role-results.yml -+ vars: -+ __storage_verify_mount_options: true - - - name: Remove the disk volume created above - include_role: --- -2.35.3 - diff --git a/SOURCES/CHANGELOG.md b/SOURCES/CHANGELOG.md new file mode 100644 index 0000000..e03473b --- /dev/null +++ b/SOURCES/CHANGELOG.md 
@@ -0,0 +1,620 @@ +Changelog +========= + +[1.21.2] - 2023-05-04 +---------------------------- + +### New Features + +- none + +### Bug Fixes + +- [RHC system role: activation key registration fails if system is already registered](https://bugzilla.redhat.com/show_bug.cgi?id=2186908) + +[1.21.1] - 2023-03-16 +---------------------------- + +### New Features + +- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2144877) + +### Bug Fixes + +- none + +[1.21.0] - 2023-02-20 +---------------------------- + +### New Features + +- [ad_integration - [RFE] new role to support AD integration, join to AD domain](https://bugilla.redhat.com/show_bug.cgi?id=2144876) +- [cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137667) +- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2143814) +- [ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130019) +- [journald - New role - journald - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165176) +- [logging - [RFE] convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130362) +- [metrics - [RFE] convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133532) +- [nbde_server - [RFE] convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133931) +- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143458) +- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201) +- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856) +- 
[network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620) +- [podman - [RFE] role for managing podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2066864) +- [postfix - [RFE] convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130332) +- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2143385) +- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119600) +- [vpn - [RFE] convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130345) + +### Bug Fixes + +- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167941) +- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153081) +- [ha_cluster - use no_log in tasks looping over pot. 
secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2127497) +- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2159972) +- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126960) +- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168733) +- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2164879) +- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2143401) +- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153080) + +[1.20.0] - 2022-08-09 +---------------------------- + +### New Features + +- [cockpit - Add customization of port](https://bugzilla.redhat.com/show_bug.cgi?id=2115159) +- [firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID](https://bugzilla.redhat.com/show_bug.cgi?id=2100939) +- [firewall - support for firewall_config - gather firewall facts](https://bugzilla.redhat.com/show_bug.cgi?id=2115160) +- [logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs](https://bugzilla.redhat.com/show_bug.cgi?id=2112143) +- [selinux - Added setting of seuser and selevel for completeness](https://bugzilla.redhat.com/show_bug.cgi?id=2115162) + +### Bug Fixes + +- [nbde_client - Sets proper spacing for parameter rd.neednet=1](https://bugzilla.redhat.com/show_bug.cgi?id=2115161) +- [network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence](https://bugzilla.redhat.com/show_bug.cgi?id=2115884) +- [ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing](https://bugzilla.redhat.com/show_bug.cgi?id=2109997) +- [storage - [RHEL8] [WARNING]: The loop variable 'storage_test_volume' 
is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.](https://bugzilla.redhat.com/show_bug.cgi?id=2082391) + +[1.19.3] - 2022-07-01 +---------------------------- + +### New Features + +- [firewall - support add/modify/delete services](https://bugzilla.redhat.com/show_bug.cgi?id=2100297) +- [network - [RFE] [network] Support managing the network through nmstate schema](https://bugzilla.redhat.com/show_bug.cgi?id=2100979) +- [storage - support for adding/removing disks to/from storage pools](https://bugzilla.redhat.com/show_bug.cgi?id=2066880) +- [storage - support for attaching cache volumes to existing volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2066881) + +### Bug Fixes + +- [firewall - forward_port should accept list of string or list of dict](https://bugzilla.redhat.com/show_bug.cgi?id=2101607) +- [metrics - document minimum supported redis version required by rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=2100285) +- [metrics - restart pmie, pmlogger if changed, do not wait for handler](https://bugzilla.redhat.com/show_bug.cgi?id=2100298) + +[1.19.2] - 2022-06-15 +---------------------------- + +### New Features + +- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935) + +### Bug Fixes + +- none + +[1.19.1] - 2022-06-13 +---------------------------- + +### New Features + +- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876) +- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008) + +### Bug Fixes + +- none + +[1.19.0] - 2022-06-06 +---------------------------- + +### New Features + +- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876) +- [firewall 
- state no longer required for masquerade and ICMP block inversion](https://bugzilla.redhat.com/show_bug.cgi?id=2093437) + +### Bug Fixes + +- [storage - role raid_level "striped" is not supported](https://bugzilla.redhat.com/show_bug.cgi?id=2083426) + +[1.18.0] - 2022-05-26 +---------------------------- + +### New Features + +- [firewall - [Improvement] Allow System Role to reset to default Firewalld Settings](https://bugzilla.redhat.com/show_bug.cgi?id=2043009) +- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114) +- [network - Rework the infiniband support](https://bugzilla.redhat.com/show_bug.cgi?id=2086869) +- [sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"](https://bugzilla.redhat.com/show_bug.cgi?id=2086934) +- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935) + +### Bug Fixes + +- [storage - role cannot set mount_options for volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2083378) + +[1.17.0] - 2022-04-25 +---------------------------- + +### New Features + +- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008) +- [ha_cluster - support advanced corosync configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2065339) +- [ha_cluster - support SBD fencing](https://bugzilla.redhat.com/show_bug.cgi?id=2066868) +- [ha_cluster - add support for configuring bundle resources](https://bugzilla.redhat.com/show_bug.cgi?id=2073518) +- [logging - Logging - RFE - support template, severity and facility options](https://bugzilla.redhat.com/show_bug.cgi?id=2075116) +- [metrics - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065215) +- [metrics - [RFE] add an option to the 
metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114) +- [network - [RFE] Extend rhel-system-roles.network feature set to support routing rules](https://bugzilla.redhat.com/show_bug.cgi?id=1996731) +- [network - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065670) +- [postfix - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065216) +- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065218) + +### Bug Fixes + +- [firewall - Firewall system role Ansible deprecation warning related to "include"](https://bugzilla.redhat.com/show_bug.cgi?id=2078650) +- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060378) +- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060377) +- [nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2071011) +- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064067) +- [sshd - FIPS mode detection in SSHD role is wrong](https://bugzilla.redhat.com/show_bug.cgi?id=2075338) +- [storage - RFE storage Less verbosity by default](https://bugzilla.redhat.com/show_bug.cgi?id=2056480) +- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749) + +[1.16.3] - 2022-04-07 +---------------------------- + +### New Features 
+ +- none + +### Bug Fixes + +- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749) + +[1.16.2] - 2022-04-06 +---------------------------- + +### New Features + +- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022) + +### Bug Fixes + +- none + +[1.16.1] - 2022-03-29 +---------------------------- + +### New Features + +- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022) + +### Bug Fixes + +- none + +[1.16.0] - 2022-03-22 +---------------------------- + +### New Features + +- [network - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057656) +- [metrics - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057645) +- [postfix - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057661) +- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default](https://bugzilla.redhat.com/show_bug.cgi?id=2044657) + +### Bug Fixes + +- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064388) + +[1.15.1] - 2022-03-03 +---------------------------- + +### New Features + +- none + +### Bug Fixes + +- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts](https://bugzilla.redhat.com/show_bug.cgi?id=2058772) +- [timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml](https://bugzilla.redhat.com/show_bug.cgi?id=2058645) + +[1.15.0] - 2022-03-01 +---------------------------- + +### New Features + +- [firewall - [RFE] - 
Firewall RHEL System Role should be able to set default zone](https://bugzilla.redhat.com/show_bug.cgi?id=2022458)
+
+### Bug Fixes
+
+- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2058655)
+- [firewall - ensure target changes take effect immediately](https://bugzilla.redhat.com/show_bug.cgi?id=2057172)
+
+[1.14.0] - 2022-02-14
+----------------------------
+
+### New Features
+
+- [network - [RFE] Add more bonding options to rhel-system-roles.network](https://bugzilla.redhat.com/show_bug.cgi?id=2008931)
+- [certificate - should consistently use ansible_managed in hook scripts](https://bugzilla.redhat.com/show_bug.cgi?id=2054364)
+- [tlog - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054363)
+- [vpn - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054365)
+
+### Bug Fixes
+
+- [ha_cluster - set permissions for haclient group](https://bugzilla.redhat.com/show_bug.cgi?id=2049747)
+
+[1.13.1] - 2022-02-08
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'](https://bugzilla.redhat.com/show_bug.cgi?id=2050341)
+- [kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.](https://bugzilla.redhat.com/show_bug.cgi?id=2052105)
+
+[1.13.0] - 2022-02-01
+----------------------------
+
+### New Features
+
+- [storage - RFE: Add support for RAID volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016514)
+- [storage - RFE: Add support for cached volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016511)
+- [nbde_client - NBDE client system role does not support servers with static IP
addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+- [ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)](https://bugzilla.redhat.com/show_bug.cgi?id=2041635)
+- [network - RFE: Support Routing Tables in static routes in Network Role](https://bugzilla.redhat.com/show_bug.cgi?id=2031521)
+
+### Bug Fixes
+
+- [metrics - role can't be re-run if the Grafana admin password has been changed](https://bugzilla.redhat.com/show_bug.cgi?id=1967321)
+- [network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection](https://bugzilla.redhat.com/show_bug.cgi?id=2034908)
+- [network - Set DNS search setting only for enabled IP protocols](https://bugzilla.redhat.com/show_bug.cgi?id=2041627)
+
+[1.12.0] - 2022-01-27
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [logging - Logging role "logging_purge_confs" option not properly working](https://bugzilla.redhat.com/show_bug.cgi?id=2040812)
+- [kernel_settings - role should use ansible_managed in its configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=2047504)
+
+[1.11.0] - 2022-01-20
+----------------------------
+
+### New Features
+
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
+- [ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure](https://bugzilla.redhat.com/show_bug.cgi?id=2029614)
+
+### Bug Fixes
+
+- [timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host](https://bugzilla.redhat.com/show_bug.cgi?id=2029463)
+- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
+- [kdump - kdump: support reboot required and reboot ok](https://bugzilla.redhat.com/show_bug.cgi?id=2029605)
+- [sshd -
should detect FIPS mode and handle tasks correctly in FIPS mode](https://bugzilla.redhat.com/show_bug.cgi?id=1979714)
+
+[1.10.0] - 2021-11-08
+----------------------------
+
+### New Features
+
+- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
+- [firewall - Ansible Roles for RHEL Firewall](https://bugzilla.redhat.com/show_bug.cgi?id=1854988)
+- [firewall - RFE: firewall-system-role: add ability to add-source](https://bugzilla.redhat.com/show_bug.cgi?id=1932678)
+- [firewall - RFE: firewall-system-role: allow user defined zones](https://bugzilla.redhat.com/show_bug.cgi?id=1850768)
+- [firewall - RFE: firewall-system-role: allow specifying the zone](https://bugzilla.redhat.com/show_bug.cgi?id=1850753)
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+- [network - role: Allow to specify PCI address to configure profiles](https://bugzilla.redhat.com/show_bug.cgi?id=1695634)
+- [network - [RFE] support wifi Enhanced Open (OWE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993379)
+- [network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993311)
+- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
+- [logging - [RFE] logging - Add user and password](https://bugzilla.redhat.com/show_bug.cgi?id=2010327)
+
+### Bug Fixes
+
+- [Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`](https://bugzilla.redhat.com/show_bug.cgi?id=2006230)
+- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
+- [logging - Logging - Performance improvement](https://bugzilla.redhat.com/show_bug.cgi?id=2005727)
+- [nbde_client - add regenerate-all to the dracut command](https://bugzilla.redhat.com/show_bug.cgi?id=2021682)
+- [certificate - certificates: "group" option keeps
certificates inaccessible to the group](https://bugzilla.redhat.com/show_bug.cgi?id=2021683)
+
+[1.7.3] - 2021-08-26
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1978488)
+
+### Bug Fixes
+
+- none
+
+[1.7.2] - 2021-08-24
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [logging - Update the certificates copy tasks](https://bugzilla.redhat.com/show_bug.cgi?id=1996777)
+
+[1.7.1] - 2021-08-16
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [metrics - role: the bpftrace role does not properly configure bpftrace agent](https://bugzilla.redhat.com/show_bug.cgi?id=1994180)
+
+[1.7.0] - 2021-08-12
+----------------------------
+
+### New Features
+
+- [drop support for Ansible 2.8](https://bugzilla.redhat.com/show_bug.cgi?id=1989197)
+
+### Bug Fixes
+
+- [sshd - sshd: failed to validate: error:Missing Match criteria for all Bad Match condition](https://bugzilla.redhat.com/show_bug.cgi?id=1991598)
+
+[1.6.6] - 2021-08-06
+----------------------------
+
+### New Features
+
+- [logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output](https://bugzilla.redhat.com/show_bug.cgi?id=1986460)
+
+### Bug Fixes
+
+- none
+
+[1.6.2] - 2021-07-30
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [metrics - role: Grafana dashboard not working after metrics role run unless services manually restarted](https://bugzilla.redhat.com/show_bug.cgi?id=1984150)
+
+[1.6.0] - 2021-07-28
+----------------------------
+
+### New Features
+
+- [storage - [RFE] storage: support volume sizes as a percentage of pool](https://bugzilla.redhat.com/show_bug.cgi?id=1984583)
+
+### Bug Fixes
+
+- none
+
+[1.5.0] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [ha_cluster - RFE: ha_cluster - add pacemaker cluster
properties configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1982913)
+
+### Bug Fixes
+
+- none
+
+[1.4.3] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [crypto_policies - rename 'policy modules' to 'subpolicies'](https://bugzilla.redhat.com/show_bug.cgi?id=1982896)
+
+### Bug Fixes
+
+- none
+
+[1.4.2] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [storage - storage: relabel doesn't support](https://bugzilla.redhat.com/show_bug.cgi?id=1876315)
+
+### Bug Fixes
+
+- none
+
+[1.4.1] - 2021-07-09
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [network - Re-running the network system role results in "changed: true" when nothing has actually changed](https://bugzilla.redhat.com/show_bug.cgi?id=1943384)
+
+[1.4.0] - 2021-07-08
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
+
+### Bug Fixes
+
+- none
+
+[1.3.0] - 2021-06-23
+----------------------------
+
+### New Features
+
+- [ha_cluster - RFE: add pacemaker resources configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1963283)
+- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
+- [sshd - RFE: sshd - support for appending a snippet to configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=1970642)
+- [timesync - RFE: timesync support for Network Time Security (NTS)](https://bugzilla.redhat.com/show_bug.cgi?id=1970664)
+
+### Bug Fixes
+
+- [postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section](https://bugzilla.redhat.com/show_bug.cgi?id=1961858)
+- [postfix - the postfix role is not
idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1960375)
+- [selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8](https://bugzilla.redhat.com/show_bug.cgi?id=1966681)
+- [metrics - role task to enable logging for targeted hosts not working](https://bugzilla.redhat.com/show_bug.cgi?id=1967335)
+- [sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode](https://bugzilla.redhat.com/show_bug.cgi?id=1966711)
+
+[1.2.3] - 2021-06-17
+----------------------------
+
+### New Features
+
+- [main.yml: Add EL 9 support for all roles](https://bugzilla.redhat.com/show_bug.cgi?id=1952887)
+
+### Bug Fixes
+
+- none
+
+[1.2.2] - 2021-06-15
+----------------------------
+
+### New Features
+
+- [timesync - Add hybrid_e2e option to PTP domain](https://bugzilla.redhat.com/show_bug.cgi?id=1957849)
+
+### Bug Fixes
+
+- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
+- [ha_cluster - cannot read preshared key in binary format](https://bugzilla.redhat.com/show_bug.cgi?id=1952620)
+
+[1.2.1] - 2021-05-21
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
+
+[1.2.0] - 2021-05-17
+----------------------------
+
+### New Features
+
+- [network - role: Support ethtool -G|--set-ring options](https://bugzilla.redhat.com/show_bug.cgi?id=1959649)
+
+### Bug Fixes
+
+- [postfix - postfix: Use FQRN in README](https://bugzilla.redhat.com/show_bug.cgi?id=1958963)
+- [postfix - Documentation error in rhel-system-roles postfix readme file](https://bugzilla.redhat.com/show_bug.cgi?id=1866544)
+- [storage - storage: calltrace observed when set type: partition for storage_pools](https://bugzilla.redhat.com/show_bug.cgi?id=1854187)
+
+[1.1.0] - 2021-05-13
+----------------------------
+
+### New Features
+
+- [timesync - [RFE] support for free form configuration for
chrony](https://bugzilla.redhat.com/show_bug.cgi?id=1938023)
+- [timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter](https://bugzilla.redhat.com/show_bug.cgi?id=1938016)
+- [timesync - [RFE] support for ntp xleave, filter, and hw timestamping](https://bugzilla.redhat.com/show_bug.cgi?id=1938020)
+- [selinux - [RFE] Ability to install custom SELinux module via Ansible](https://bugzilla.redhat.com/show_bug.cgi?id=1848683)
+- [network - support for ipv6_disabled to disable ipv6 for address](https://bugzilla.redhat.com/show_bug.cgi?id=1939711)
+- [vpn - [RFE] Release Ansible role for vpn in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1943679)
+
+### Bug Fixes
+
+- [Bug fixes for Collection/Automation Hub](https://bugzilla.redhat.com/show_bug.cgi?id=1954747)
+- [timesync - do not use ignore_errors in timesync role](https://bugzilla.redhat.com/show_bug.cgi?id=1938014)
+- [selinux - rhel-system-roles should not reload the SELinux policy if its not changed](https://bugzilla.redhat.com/show_bug.cgi?id=1757869)
+
+[1.0.0] - 2021-02-23
+----------------------------
+
+### New Features
+
+- [network - RFE: [network] Support of DNS with options](https://bugzilla.redhat.com/show_bug.cgi?id=1893959)
+- [network - RFE: [network] Embrace Inclusive language](https://bugzilla.redhat.com/show_bug.cgi?id=1893957)
+- [ssh - [8.4] [RFE] Release Ansible role for ssh client in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893712)
+- [clusterha - [8.4] [RFE] Release Ansible role for cluster HA in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893743)
+- [logging - Logging - Support RELP secure transport in the logging role configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1889484)
+- [metrics - [8.4] [RFE] add exporting-metric-data-to-elasticsearch functionality in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1895188)
+- [metrics - release SQL server configuration
support in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1893908)
+- [[8.4] Package rhel-system-roles in the collection format in addition to the legacy role format](https://bugzilla.redhat.com/show_bug.cgi?id=1893906)
+
+### Bug Fixes
+
+- [logging - Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.](https://bugzilla.redhat.com/show_bug.cgi?id=1927943)
+- [storage - storage: omitted parameters on existing pool/volume is interpreted as "use the default"](https://bugzilla.redhat.com/show_bug.cgi?id=1894651)
+- [storage - storage: must list disks in order to identify an existing pool](https://bugzilla.redhat.com/show_bug.cgi?id=1894676)
+- [storage - storage: pool metadata usage must be accounted for by the user](https://bugzilla.redhat.com/show_bug.cgi?id=1894647)
+- [selinux - Merged fix incorrect default value (there is no variable named "present")](https://bugzilla.redhat.com/show_bug.cgi?id=1926947)
+- [storage - storage: tests_luks.yml partition case failed with nvme disk](https://bugzilla.redhat.com/show_bug.cgi?id=1865990)
+
+[1.0] - 2021-01-15
+----------------------------
+
+### New Features
+
+- [tlog - Add exclude_users and exclude_groups support](https://bugzilla.redhat.com/show_bug.cgi?id=1895472)
+- [crypto_policies - [8.4] [RFE] Release Ansible role for crypto policies in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893699)
+- [sshd - [8.4] [RFE] Release Ansible role for sshd in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893696)
+- [metrics - role should automate the setup of Grafana datasources](https://bugzilla.redhat.com/show_bug.cgi?id=1855544)
+- [network role: Support -K|--features|--offload ethtool options](https://bugzilla.redhat.com/show_bug.cgi?id=1696703)
+- [network role: Atomic changes](https://bugzilla.redhat.com/show_bug.cgi?id=1695161)
+
+### Bug Fixes
+
+- [storage - safe mode of storage role does not prevent accidentally losing data when
toggling encryption on a volume, disk or pool](https://bugzilla.redhat.com/show_bug.cgi?id=1881524)
+- [storage - storage: ext2/3/4 resize function doesn't work](https://bugzilla.redhat.com/show_bug.cgi?id=1862867)
+- [logging - [logging role] cannot setup machine with tls](https://bugzilla.redhat.com/show_bug.cgi?id=1861318)
+- [certificate - role: The role is not idempotent in rhel7](https://bugzilla.redhat.com/show_bug.cgi?id=1859547)
+- [logging - Logging - Bug fixes](https://bugzilla.redhat.com/show_bug.cgi?id=1854546)
+- [logging - [logging role] support scenario for client without key/cert, just CA cert](https://bugzilla.redhat.com/show_bug.cgi?id=1860896)
+- [metrics - role incorrectly sets up multiple primary pmie processes in multi-host mode](https://bugzilla.redhat.com/show_bug.cgi?id=1855539)
+- [certificate - role cannot manage EL7 hosts](https://bugzilla.redhat.com/show_bug.cgi?id=1848745)
+- [network - [network] Support state:down persistent_state:absent for non-existent profile](https://bugzilla.redhat.com/show_bug.cgi?id=1822777)
+- [network - Creating active bonded interface fails with the initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=1848472)
+- [logging - Logging role had performance issues](https://bugzilla.redhat.com/show_bug.cgi?id=1848762)
+- [certificate - role does not work on controller hosts which use jinja2 2.10](https://bugzilla.redhat.com/show_bug.cgi?id=1848742)
+- [nbde_client - fix idempotency, check_mode issues with nbde_client role](https://bugzilla.redhat.com/show_bug.cgi?id=1848766)
+- [storage - Storage role can remove existing filesystems and volume groups without warning](https://bugzilla.redhat.com/show_bug.cgi?id=1763242)
+- [network role: Minimize service disruption](https://bugzilla.redhat.com/show_bug.cgi?id=1695157)
+- [typo in selinux/tests/tests_selinux_disabled.yml: Invalid options for assert: mgs](https://bugzilla.redhat.com/show_bug.cgi?id=1677743)
+- [Check mode problems in
rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1685904)
+
+[0.6] - 2018-05-11
+----------------------------
+
+### New Features
+
+- [RFE: Ansible rhel-system-roles.network: add ETHTOOL_OPTS, LINKDELAY, IPV4_FAILURE_FATAL](https://bugzilla.redhat.com/show_bug.cgi?id=1478576)
+
+### Bug Fixes
+
+- none
diff --git a/SOURCES/CHANGELOG.rst b/SOURCES/CHANGELOG.rst
new file mode 100644
index 0000000..cf9ac93
--- /dev/null
+++ b/SOURCES/CHANGELOG.rst
@@ -0,0 +1 @@
+See docs/CHANGELOG.md
diff --git a/SOURCES/ansible-packaging.inc b/SOURCES/ansible-packaging.inc
new file mode 100644
index 0000000..83db05b
--- /dev/null
+++ b/SOURCES/ansible-packaging.inc
@@ -0,0 +1,18 @@
+# Helper macros originally from macros.ansible by Igor Raits
+# On RHEL, not available, so we must define those macros locally
+# On Fedora, provided by ansible-packaging
+# ansible-core is available on RHEL 8.6 and newer at buildtime.
+
+Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version}
+
+# Untar and copy everything instead of galaxy-installing the built artifact when ansible is not available
+%define ansible_collection_build() tar -cf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz .
+%define ansible_collection_install() mkdir -p %{buildroot}%{ansible_collection_files}%{collection_name}; (cd %{buildroot}%{ansible_collection_files}%{collection_name}; tar -xf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz)
+
+%define ansible_roles_dir %{_datadir}/ansible/roles
+%define ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections
+
+%global ansible_collection_files %{ansible_collections_dir}/%{collection_namespace}/
+
+# the python3 macro is not defined on rhel7 so define it here
+%global python3 python3
diff --git a/SOURCES/ansible-sshd.patch b/SOURCES/ansible-sshd.patch
deleted file mode 100644
index 8d6817d..0000000
--- a/SOURCES/ansible-sshd.patch
+++ /dev/null
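Review bot: `ansible_collection_build` writes its archive to a fixed, predictable name under `%{_tmppath}`, and `ansible_collection_install` then unpacks whatever is found at that path into `%{buildroot}`. If `%{_tmppath}` resolves to a shared temporary directory on the build host (likely outside an isolated build root, though the page does not show its value), the packaged files depend on a path that other local accounts can create first. Keeping the intermediate archive inside the build tree but outside the directory being archived avoids this, for example `tar -cf %{_builddir}/%{collection_namespace}-%{collection_name}-%{version}.tar .` with the same path in the `tar -xf` call. The `.tar.gz` suffix is also misleading, since `tar -cf` writes an uncompressed archive.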
@@ -1,428 +0,0 @@ -From e3004a25d680a17852ade20fa7438b5d4acfc470 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 6 Apr 2022 10:42:17 +0200 -Subject: [PATCH 1/7] Update templates to apply FIPS hostkeys filter - -This fixes up the commit 7f69d1e6 - -Signed-off-by: Jakub Jelen ---- - templates/sshd_config.j2 | 6 +++++- - templates/sshd_config_snippet.j2 | 6 +++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2 -index 15ee668..8c7f322 100644 ---- a/templates/sshd_config.j2 -+++ b/templates/sshd_config.j2 -@@ -22,7 +22,11 @@ - {% elif sshd[key] is defined %} - {% set value = sshd[key] %} - {% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %} --{% set value = __sshd_defaults[key] %} -+{% if key == 'HostKey' and __sshd_fips_mode %} -+{% set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %} -+{% else %} -+{% set value = __sshd_defaults[key] %} -+{% endif %} - {% endif %} - {{ render_option(key,value) -}} - {% endmacro %} -diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2 -index 6766e09..6b23c76 100644 ---- a/templates/sshd_config_snippet.j2 -+++ b/templates/sshd_config_snippet.j2 -@@ -21,7 +21,11 @@ - {% elif sshd[key] is defined %} - {% set value = sshd[key] %} - {% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %} --{% set value = __sshd_defaults[key] %} -+{% if key == 'HostKey' and __sshd_fips_mode %} -+{% set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %} -+{% else %} -+{% set value = __sshd_defaults[key] %} -+{% endif %} - {% endif %} - {{ render_option(key,value) -}} - {% endmacro %} --- -2.34.1 - - -From 8ee135cbd9ea63e4345a5ec618d64d14f6b03eee Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 6 Apr 2022 11:10:27 +0200 -Subject: [PATCH 2/7] Set explicit path to the main configuration file to work - well with the drop-in directory - -Signed-off-by: Jakub Jelen ---- - 
tests/tests_alternative_file.yml | 2 ++ - tests/tests_alternative_file_role.yml | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml -index 0a8ccaf..215c726 100644 ---- a/tests/tests_alternative_file.yml -+++ b/tests/tests_alternative_file.yml -@@ -6,6 +6,7 @@ - - /etc/ssh/sshd_config.d/00-ansible_system_role.conf - - /etc/ssh/sshd_config_custom - - /etc/ssh/sshd_config_custom_second -+ - /tmp/ssh_host_ecdsa_key - tasks: - - name: "Backup configuration files" - include_tasks: tasks/backup.yml -@@ -52,6 +53,7 @@ - include_role: - name: ansible-sshd - vars: -+ sshd_config_file: /etc/ssh/sshd_config - sshd: - Banner: /etc/issue - Ciphers: aes192-ctr -diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml -index 9177709..3e7c7ea 100644 ---- a/tests/tests_alternative_file_role.yml -+++ b/tests/tests_alternative_file_role.yml -@@ -6,6 +6,7 @@ - - /etc/ssh/sshd_config.d/00-ansible_system_role.conf - - /etc/ssh/sshd_config_custom - - /etc/ssh/sshd_config_custom_second -+ - /tmp/ssh_host_ecdsa_key - tasks: - - name: "Backup configuration files" - include_tasks: tasks/backup.yml -@@ -57,6 +58,7 @@ - roles: - - ansible-sshd - vars: -+ sshd_config_file: /etc/ssh/sshd_config - sshd: - Banner: /etc/issue - Ciphers: aes192-ctr --- -2.34.1 - - -From 041e86952d14b5c90795fb553e7ba942d541a6b3 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 6 Apr 2022 11:17:12 +0200 -Subject: [PATCH 3/7] tests: Fix OS detection to match also CentOS 9 - -Signed-off-by: Jakub Jelen ---- - tests/tasks/setup.yml | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml -index 90a3f00..a0e9324 100644 ---- a/tests/tasks/setup.yml -+++ b/tests/tasks/setup.yml -@@ -26,6 +26,5 @@ - main_sshd_config_name: 00-ansible_system_role.conf - main_sshd_config_path: /etc/ssh/sshd_config.d/ - when: > -- ansible_facts['distribution'] == 
'Fedora' or -- (ansible_facts['distribution'] == 'RedHat' and -- ansible_facts['distribution_major_version']|int > 8) -+ ansible_facts['os_family'] == 'RedHat' and -+ ansible_facts['distribution_major_version']|int > 8 --- -2.34.1 - - -From e33f2f5bb874aa786ac0c81e8ef63509033f6644 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 6 Apr 2022 11:20:34 +0200 -Subject: [PATCH 4/7] tests: Slurp the correct file when writing main config - -Signed-off-by: Jakub Jelen ---- - tests/tests_alternative_file.yml | 2 +- - tests/tests_alternative_file_role.yml | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml -index 215c726..172c73a 100644 ---- a/tests/tests_alternative_file.yml -+++ b/tests/tests_alternative_file.yml -@@ -82,7 +82,7 @@ - - - name: Print the main configuration file - slurp: -- src: "{{ main_sshd_config }}" -+ src: /etc/ssh/sshd_config - register: config3 - - - name: Check content of first configuration file -diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml -index 3e7c7ea..09fbce4 100644 ---- a/tests/tests_alternative_file_role.yml -+++ b/tests/tests_alternative_file_role.yml -@@ -98,7 +98,7 @@ - - - name: Print the main configuration file - slurp: -- src: "{{ main_sshd_config }}" -+ src: /etc/ssh/sshd_config - register: config3 - - - name: Check content of first configuration file --- -2.34.1 - - -From 8d91dcecd000e7843ad9e827c3d2e6e04ce05e8d Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 6 Apr 2022 20:28:32 +0200 -Subject: [PATCH 5/7] Unbreak FIPS detection and hostkey filtering - -Signed-off-by: Jakub Jelen ---- - tasks/install.yml | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/tasks/install.yml b/tasks/install.yml -index f1d8455..571281c 100644 ---- a/tasks/install.yml -+++ b/tasks/install.yml -@@ -40,10 +40,11 @@ - - - name: Make sure hostkeys are available and have 
expected permissions - vars: &share_vars -+ # 'MAo=' evaluates to '0\n' in base 64 encoding, which is default - __sshd_fips_mode: >- -- - __sshd_hostkeys_nofips | d([]) -- - __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \ -- __sshd_userspace_fips_mode.content | b64decode != "0" | bool -+ {{ __sshd_hostkeys_nofips | d([]) and -+ (__sshd_kernel_fips_mode.content | d('MAo=') | b64decode | trim == '1' or -+ __sshd_userspace_fips_mode.content | d('MAo=') | b64decode | trim != '0') }} - # This mimics the macro body_option() in sshd_config.j2 - # The explicit to_json filter is needed for Python 2 compatibility - __sshd_hostkeys_from_config: >- -@@ -58,14 +59,14 @@ - {{ __sshd_defaults['HostKey'] | to_json }} - {% endif %} - {% else %} -- [] -+ {{ [] | to_json }} - {% endif %} - __sshd_verify_hostkeys: >- - {% if not sshd_verify_hostkeys %} -- [] -+ {{ [] | to_json }} - {% elif sshd_verify_hostkeys == 'auto' %} -- {% if sshd_HostKey is string %} -- [ {{ __sshd_hostkeys_from_config }} ] -+ {% if __sshd_hostkeys_from_config | from_json is string %} -+ {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }} - {% else %} - {{ __sshd_hostkeys_from_config }} - {% endif %} --- -2.34.1 - - -From d839fb207e29cbbbc1d256260190f113c332ecba Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 11 Apr 2022 13:06:24 +0200 -Subject: [PATCH 6/7] tests: Add negative test for FIPS mode - -This fixes also a typo that was overlooked previously - -Signed-off-by: Jakub Jelen ---- - tests/tests_hostkeys_fips.yml | 53 ++++++++++++++++++++++++++++++----- - 1 file changed, 46 insertions(+), 7 deletions(-) - -diff --git a/tests/tests_hostkeys_fips.yml b/tests/tests_hostkeys_fips.yml -index 65cc765..7cf3767 100644 ---- a/tests/tests_hostkeys_fips.yml -+++ b/tests/tests_hostkeys_fips.yml -@@ -4,13 +4,52 @@ - __sshd_test_backup_files: - - /etc/ssh/sshd_config - - /etc/ssh/sshd_config.d/00-ansible_system_role.conf -- - /etc/ssh/ssh_host_ed255519_key -- - 
/etc/ssh/ssh_host_ed255519_key.pub -+ - /etc/ssh/ssh_host_ed25519_key -+ - /etc/ssh/ssh_host_ed25519_key.pub - - /etc/system-fips - tasks: - - name: "Backup configuration files" - include_tasks: tasks/backup.yml - -+ - name: Run the role with default parameters without FIPS mode -+ include_role: -+ name: ansible-sshd -+ -+ - name: Verify the options are correctly set -+ block: -+ - meta: flush_handlers -+ -+ - name: Print current configuration file -+ slurp: -+ src: "{{ main_sshd_config }}" -+ register: config -+ -+ - name: Get stat of private key -+ stat: -+ path: /etc/ssh/ssh_host_ed25519_key -+ register: privkey -+ -+ - name: Get stat of public key -+ stat: -+ path: /etc/ssh/ssh_host_ed25519_key.pub -+ register: pubkey -+ -+ - name: Check the key is in configuration file (without include) -+ assert: -+ that: -+ - "'HostKey /etc/ssh/ssh_host_ed25519_key' in config.content | b64decode" -+ when: -+ - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int < 9 -+ -+ - name: Check host key was generated -+ assert: -+ that: -+ - privkey.stat.exists -+ - pubkey.stat.exists -+ when: -+ - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int > 6 -+ tags: tests::verify -+ - - name: Fake FIPS mode - block: - - name: Create temporary directory -@@ -40,13 +79,13 @@ - - name: Remove the Ed25519 hostkey - file: - path: -- /etc/ssh/ssh_host_ed255519_key -+ /etc/ssh/ssh_host_ed25519_key - state: absent - - - name: Remove the Ed25519 pubkey - file: - path: -- /etc/ssh/ssh_host_ed255519_key.pub -+ /etc/ssh/ssh_host_ed25519_key.pub - state: absent - - - name: Run the role with default parameters -@@ -64,18 +103,18 @@ - - - name: Get stat of private key - stat: -- path: /etc/ssh/ssh_host_ed255519_key -+ path: /etc/ssh/ssh_host_ed25519_key - register: privkey - - - name: Get stat of public key - stat: -- path: /etc/ssh/ssh_host_ed255519_key.pub -+ path: /etc/ssh/ssh_host_ed25519_key.pub - register: pubkey - - - 
name: Check the key is not in configuration file - assert: - that: -- - "'HostKey /etc/ssh/ssh_host_ed255519_key' not in config.content | b64decode" -+ - "'HostKey /etc/ssh/ssh_host_ed25519_key' not in config.content | b64decode" - - - name: Check no host key was generated - assert: --- -2.34.1 - - -From 2a49697fa4bb6281796e76a4b7ee34c356f802cc Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 11 Apr 2022 13:07:44 +0200 -Subject: [PATCH 7/7] Introduce default hostkeys to check when using drop-in - directory - -Previously no hostkeys were checked if they were not present -in the generated configuration file. When the drop-in directory is -used, usually, there are no hostkeys in that file and no sanity -check for hostkeys was executed. - -This amends the "auto" value for the hostkeys check to allow checking -for default hostkeys that are read by OpenSSH by default. - -Signed-off-by: Jakub Jelen ---- - defaults/main.yml | 1 + - tasks/install.yml | 8 +++++++- - vars/Fedora.yml | 6 ++++++ - vars/RedHat_9.yml | 6 ++++++ - 4 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/defaults/main.yml b/defaults/main.yml -index 18d6114..7e40e51 100644 ---- a/defaults/main.yml -+++ b/defaults/main.yml -@@ -61,6 +61,7 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server - # configuration or restarting), we make sure the keys exist and have correct - # permissions. 
To disable this check, set sshd_verify_hostkeys to false - sshd_verify_hostkeys: "auto" -+__sshd_verify_hostkeys_default: [] - sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}" - sshd_hostkey_group: "{{ __sshd_hostkey_group }}" - sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}" -diff --git a/tasks/install.yml b/tasks/install.yml -index 571281c..fa7d3c3 100644 ---- a/tasks/install.yml -+++ b/tasks/install.yml -@@ -65,7 +65,13 @@ - {% if not sshd_verify_hostkeys %} - {{ [] | to_json }} - {% elif sshd_verify_hostkeys == 'auto' %} -- {% if __sshd_hostkeys_from_config | from_json is string %} -+ {% if not __sshd_hostkeys_from_config | from_json %} -+ {% if __sshd_fips_mode %} -+ {{ __sshd_verify_hostkeys_default | difference(__sshd_hostkeys_nofips) | to_json }} -+ {% else %} -+ {{ __sshd_verify_hostkeys_default | to_json }} -+ {% endif %} -+ {% elif __sshd_hostkeys_from_config | from_json is string %} - {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }} - {% else %} - {{ __sshd_hostkeys_from_config }} -diff --git a/vars/Fedora.yml b/vars/Fedora.yml -index 77bf172..cf2b081 100644 ---- a/vars/Fedora.yml -+++ b/vars/Fedora.yml -@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server - __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf - __sshd_defaults: - __sshd_os_supported: yes -+__sshd_verify_hostkeys_default: -+ - /etc/ssh/ssh_host_rsa_key -+ - /etc/ssh/ssh_host_ecdsa_key -+ - /etc/ssh/ssh_host_ed25519_key -+__sshd_hostkeys_nofips: -+ - /etc/ssh/ssh_host_ed25519_key - __sshd_hostkey_group: ssh_keys - __sshd_hostkey_mode: "0640" -diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml -index 33df26a..55239f4 100644 ---- a/vars/RedHat_9.yml -+++ b/vars/RedHat_9.yml -@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server - __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf - __sshd_defaults: - __sshd_os_supported: yes -+__sshd_verify_hostkeys_default: -+ - /etc/ssh/ssh_host_rsa_key -+ - 
/etc/ssh/ssh_host_ecdsa_key -+ - /etc/ssh/ssh_host_ed25519_key -+__sshd_hostkeys_nofips: -+ - /etc/ssh/ssh_host_ed25519_key - __sshd_hostkey_group: ssh_keys - __sshd_hostkey_mode: "0640" --- -2.34.1 -
diff --git a/SOURCES/extrasources.inc b/SOURCES/extrasources.inc
new file mode 100644
index 0000000..dfe42af
--- /dev/null
+++ b/SOURCES/extrasources.inc
@@ -0,0 +1,10 @@
+Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.2.tar.gz
+Source901: https://galaxy.ansible.com/download/community-general-6.6.0.tar.gz
+Source902: https://galaxy.ansible.com/download/containers-podman-1.10.1.tar.gz
+
+Provides: bundled(ansible-collection(ansible.posix)) = 1.5.2
+Provides: bundled(ansible-collection(community.general)) = 6.6.0
+Provides: bundled(ansible-collection(containers.podman)) = 1.10.1
+
+Source996: CHANGELOG.rst
+Source998: collection_readme.sh
diff --git a/SOURCES/network-disable-bondtests.diff b/SOURCES/network-disable-bondtests.diff
deleted file mode 100644
index 81db978..0000000
--- a/SOURCES/network-disable-bondtests.diff
+++ /dev/null
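Review bot: Each bundled collection's version is written twice in extrasources.inc, once in the `SourceNNN` URL and once in the matching `Provides: bundled(...)` line, so a later bump that touches only one of them leaves the package advertising a version it does not ship. Bundled provides are typically what is queried to find packages carrying an affected component, so a stale value hides the package from that search. Deriving both from one macro keeps them in step, e.g. `%global ansible_posix_version 1.5.2` referenced as `%{ansible_posix_version}` in both `Source801` and its `Provides` line. If this file is generated by the packaging scripts, which the page does not show, the same point applies to the generator.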
@@ -1,65 +0,0 @@ -From d6c8319f52f3859b28044841063adf0013df878b Mon Sep 17 00:00:00 2001 -From: Rich Megginson -Date: Thu, 25 Mar 2021 13:57:45 -0600 -Subject: [PATCH 3/4] Patch53: network-disable-bondtests.diff - ---- - tests/playbooks/tests_bond.yml | 2 ++ - tests/playbooks/tests_bond_deprecated.yml | 2 ++ - tests/tests_bond_deprecated_initscripts.yml | 1 + - tests/tests_bond_initscripts.yml | 1 + - 4 files changed, 6 insertions(+) - -diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml -index 1e45788..d3005a6 100644 ---- a/tests/playbooks/tests_bond.yml -+++ b/tests/playbooks/tests_bond.yml -@@ -8,6 +8,8 @@ - dhcp_interface1: test1 - port2_profile: bond0.1 - dhcp_interface2: test2 -+ tags: -+ - "tests::expfail" - tasks: - - name: "INIT Prepare setup" - debug: -diff --git a/tests/playbooks/tests_bond_deprecated.yml b/tests/playbooks/tests_bond_deprecated.yml -index f37e19a..ae475c4 100644 ---- a/tests/playbooks/tests_bond_deprecated.yml -+++ b/tests/playbooks/tests_bond_deprecated.yml -@@ -8,6 +8,8 @@ - dhcp_interface1: test1 - port2_profile: bond0.1 - dhcp_interface2: test2 -+ tags: -+ - "tests::expfail" - tasks: - - name: "INIT Prepare setup" - debug: -diff --git a/tests/tests_bond_deprecated_initscripts.yml b/tests/tests_bond_deprecated_initscripts.yml -index 383b488..cdf3de0 100644 ---- a/tests/tests_bond_deprecated_initscripts.yml -+++ b/tests/tests_bond_deprecated_initscripts.yml -@@ -10,6 +10,7 @@ - network_provider: initscripts - tags: - - always -+ - "tests::expfail" - - - import_playbook: playbooks/tests_bond_deprecated.yml - when: (ansible_distribution in ['CentOS','RedHat'] and -diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml -index 8fa74c5..6a231c4 100644 ---- a/tests/tests_bond_initscripts.yml -+++ b/tests/tests_bond_initscripts.yml -@@ -10,6 +10,7 @@ - network_provider: initscripts - tags: - - always -+ - "tests::expfail" - - - import_playbook: playbooks/tests_bond.yml - when: 
(ansible_distribution in ['CentOS','RedHat'] and --- -2.30.2 - diff --git a/SOURCES/vendoring-build.inc b/SOURCES/vendoring-build.inc new file mode 100644 index 0000000..ad60e97 --- /dev/null +++ b/SOURCES/vendoring-build.inc 
@@ -0,0 +1,103 @@ +# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library. +# ansible.posix: +# - library: +# - Module selinux and seboolean for the selinux role +# - Module mount for the storage role +declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + cp -pL .external/ansible/posix/plugins/modules/$module $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' -e "s/ansible_collections.ansible.posix.plugins.module_utils/ansible.module_utils.${role}_lsr/" $role/library/$module +done + +# ansible.posix: +# - module_utils: +# - Module_util mount for the storage role +module_map=( ["mount.py"]="storage" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/module_utils/${role}_lsr ]; then + mkdir -p $role/module_utils/${role}_lsr + fi + cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module +done + +# community.general: +# - library: +# - Module seport, sefcontext and selogin for the selinux role rolename2 +# - Module ini_file for role tlog +# - rhc modules +# - ha_cluster uses modprobe +module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog" + ["redhat_subscription.py"]="rhc" ["rhsm_release.py"]="rhc" ["rhsm_repository.py"]="rhc" + ["modprobe.py"]="ha_cluster" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + # version 5.x seems to be broken? + moduledir=.external/community/general/plugins/modules + if [ ! -f $moduledir/$module ]; then + moduledir=.external/community/general/plugins/modules/system + fi + if [ ! 
-f $moduledir/$module ]; then + moduledir=.external/community/general/plugins/modules/files + fi + cp -pL $moduledir/$module $role/library/$module + ls -alrtF $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module + + # Remove doc_fragments + sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module +done + +# containers.podman: +# - library: +# - Module podman_container_info, podman_image and podman_play for the podman role +module_map=( ["podman_container_info.py"]="podman" ["podman_image.py"]="podman" ["podman_play.py"]="podman" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + moduledir=.external/containers/podman/plugins/modules + cp -pL $moduledir/$module $role/library/$module + ls -alrtF $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' \ + -e "s/ansible_collections.containers.podman.plugins.module_utils.podman/ansible.module_utils.${role}_lsr/" \ + $role/library/$module +done + +# containers.podman: +# - module_utils: +# - Module_util common for the podman role +module_map=( ["common.py"]="podman" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/module_utils/${role}_lsr ]; then + mkdir -p $role/module_utils/${role}_lsr + fi + cp -pL .external/containers/podman/plugins/module_utils/podman/$module $role/module_utils/${role}_lsr/$module +done + +# remove the temporary .external directory after vendoring +rm -rf .external + +# Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role +# Replacing "fedora.linux_system_roles." 
with "redhat.rhel_system_roles" in each role +# This is for the "roles calling other roles" case +# for podman, change the FQCN - using a non-FQCN module name doesn't seem to work, +# even for the legacy role format +# replace community.general for rhc +for rolename in %{rolenames}; do + find $rolename -type f -exec \ + sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \ + -e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \ + -e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \ + -e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \ + -i {} \; +done diff --git a/SOURCES/vendoring-prep.inc b/SOURCES/vendoring-prep.inc new file mode 100644 index 0000000..66ea974 --- /dev/null +++ b/SOURCES/vendoring-prep.inc @@ -0,0 +1,12 @@ +# Untar vendored collection tarballs to corresponding directories +for file in %{SOURCE801} %{SOURCE901} %{SOURCE902}; do + if [[ "$(basename $file)" =~ ([^-]+)-([^-]+)-(.+).tar.gz ]]; then + ns=${BASH_REMATCH[1]} + name=${BASH_REMATCH[2]} + ver=${BASH_REMATCH[3]} + mkdir -p .external/$ns/$name + pushd .external/$ns/$name > /dev/null + tar xfz "$file" + popd > /dev/null + fi +done diff --git a/SPECS/rhel-system-roles.spec b/SPECS/rhel-system-roles.spec index 72675dc..6d7f480 100644 --- a/SPECS/rhel-system-roles.spec +++ b/SPECS/rhel-system-roles.spec 
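Review bot: The final loop of vendoring-build.inc rewrites every `community.general.` and `containers.podman.` prefix, in every file of every role, to `%{collection_namespace}.%{collection_name}.`, while the module_map arrays above vendor only a fixed list of modules from those collections. If a role starts using a module that is not in those lists, the rewritten name would presumably point at something the package does not ship, and nothing here fails the build when that happens. I would document the coupling next to the loop: `# every community.general / containers.podman module a role uses must be listed in module_map above, or this rewrite yields a name that is not packaged`. Separately, `$role`, `$module` and `$moduledir` are expanded unquoted throughout the loops, and quoting them costs nothing.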
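Review bot: In vendoring-prep.inc a source whose basename does not match the `([^-]+)-([^-]+)-(.+).tar.gz` pattern is skipped without any message, because the `if` has no `else`; the build then continues without that collection under `.external`. Failing at that point is easier to diagnose: `else echo "unexpected collection tarball name: $file" >&2; exit 1`. The pattern is also unanchored with unescaped dots, and `$(basename $file)` expands `$file` unquoted; `^([^-]+)-([^-]+)-(.+)\.tar\.gz$` with `"$(basename "$file")"` is stricter. `ver` is assigned but not used in this file.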
@@ -1,15 +1,11 @@ -# NOTE: Even though ansible-core is in 8.6, it is only available -# at *runtime*, not at *buildtime* - so we can't have -# ansible-core as a build_dep on RHEL8 -%if 0%{?fedora} || 0%{?rhel} >= 9 -%bcond_without ansible -%global ansible_build_dep ansible-core >= 2.11.0 -%else -%if 0%{?rhel} && ! 0%{?epel} -%bcond_with ansible +# NOTE: ansible-core is in rhel-8.6 and newer, but not installable +# in buildroot as it depended on modular Python. +# It has been installable at buildtime in 8.8 and newer. +%if 0%{?fedora} +BuildRequires: ansible-packaging %else -%bcond_without ansible -%global ansible_build_dep ansible >= 2.9.10 +%if 0%{?rhel} >= 8 +BuildRequires: ansible-core >= 2.11.0 %endif %endif @@ -30,23 +26,12 @@ Name: linux-system-roles %endif Url: https://github.com/linux-system-roles Summary: Set of interfaces for unified system management -Version: 1.16.2 -Release: 1%{?dist}.3 +Version: 1.21.2 +Release: 1%{?dist} -#Group: Development/Libraries License: GPLv3+ and MIT and BSD and Python -%global installbase %{_datadir}/linux-system-roles %global _pkglicensedir %{_licensedir}/%{name} -%global rolealtprefix linux-system-roles. -%global roleprefix %{name}. -%global roleinstprefix %{nil} -%global rolealtrelpath ../../linux-system-roles/ -%if 0%{?rhel} -%global roleinstprefix %{roleprefix} -%global installbase %{_datadir}/ansible/roles -%global rolealtrelpath %{nil} -%endif - +%global roleinstprefix %{name}. %if 0%{?rhel} %global collection_namespace redhat %global collection_name rhel_system_roles 
@@ -57,20 +42,8 @@ License: GPLv3+ and MIT and BSD and Python %global collection_version %{version} -# Helper macros originally from macros.ansible by Igor Raits -# Not available on RHEL, so we must define those macros locally here without using ansible-galaxy - -# Not used (yet). Could be made to point to AH in RHEL - but what about CentOS Stream? -#%%{!?ansible_collection_url:%%define ansible_collection_url() https://galaxy.ansible.com/%%{collection_namespace}/%%{collection_name}} - -%if 0%{?fedora} || 0%{?rhel} >= 8 -%{!?ansible_collection_files:%define ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/} -%else -# Define undefined macro using "!?ansible_collection_files:..." does not work for rhel-7 -%if %{?ansible_collection_files:0}%{!?ansible_collection_files:1} -%define ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/ -%endif -%endif +# be compatible with the usual Fedora Provides: +Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{collection_version}-%{release} # ansible-core is in rhel 8.6 and later - default to ansible-core, but allow # the use of ansible if present - we may revisit this if the automatic dependency 
@@ -83,18 +56,6 @@ License: GPLv3+ and MIT and BSD and Python Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0) %endif -%if %{with ansible} -BuildRequires: %{ansible_build_dep} -%endif - -%if %{without ansible} -# We don't have ansible-galaxy. -# Simply copy everything instead of galaxy-installing the built artifact. -%define ansible_collection_build_install() tar -cf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz .; mkdir -p %{buildroot}%{ansible_collection_files}%{collection_name}; (cd %{buildroot}%{ansible_collection_files}%{collection_name}; tar -xf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz) -%else -%define ansible_collection_build_install() ansible-galaxy collection build; ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz -%endif - # For each role, call either defcommit() or deftag(). The other macros # (%%id and %%shortid) can be then used in the same way in both cases. # This way the rest of the spec file des not need to know whether we are 
@@ -125,88 +86,87 @@ BuildRequires: %{ansible_build_dep} %%global rolestodir %%{?rolestodir} %%{roletodir%{1}} } -#%%defcommit 1 14314822b529520ac12964e0d2938c4bb18ab895 +%global mainid f8932b3155a3cb7579a2b3c453578f7bee6bb837 +Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz + +# BEGIN AUTOGENERATED SOURCES %global rolename1 postfix -%deftag 1 1.2.0 +%deftag 1 1.3.6 -#%%defcommit 2 9fe6eb36772e83b53dcfb8ceb73608fd4f72eeda %global rolename2 selinux -%deftag 2 1.3.4 +%deftag 2 1.5.9 -#%%defcommit 3 cbe4bf262bffae3bf53e531662237741954c4182 %global rolename3 timesync -%deftag 3 1.6.6 +%deftag 3 1.7.5 -#%%defcommit 4 02fc72b482e165472624b2f68eecd2ddce1d93b1 %global rolename4 kdump -%deftag 4 1.2.2 +%deftag 4 1.2.9 -#%%defcommit 5 61423ed36fc6da6dbe8321912e896c59a2d8e2f6 %global rolename5 network -%deftag 5 1.7.1 +%deftag 5 1.11.4 -#%%defcommit 6 50d2b8ccc98a8f4cb9d1d550d21adc227181e9fa %global rolename6 storage -%deftag 6 1.7.0 +%deftag 6 1.9.8 -#%%defcommit 7 d57caa8ca506d8cbc7ca0f96f7cb62b7e965f163 %global rolename7 metrics -%deftag 7 1.5.1 +%deftag 7 1.8.4 -#%%defcommit 8 2b9e53233ee3a68bdb532e62f289733e436a6106 %global rolename8 tlog -%deftag 8 1.2.6 +%deftag 8 1.2.14 -#%%defcommit 9 9373303b98e09ef38df7afc8d06e5e55812096c7 %global rolename9 kernel_settings -%deftag 9 1.1.6 +%deftag 9 1.1.15 -#%%defcommit 10 20dd3e5520ca06dcccaa9b3f1fb428d055e0c23f %global rolename10 logging -%deftag 10 1.8.1 +%deftag 10 1.11.7 -#%%defcommit 11 c57d0b1f3384c525738fa26ba4bdca485e162567 %global rolename11 nbde_server -%deftag 11 1.1.2 +%deftag 11 1.3.5 -#%%defcommit 12 bef2fad5e365712d1f40e53662490ba2550a253f %global rolename12 nbde_client -%deftag 12 1.2.2 +%deftag 12 1.2.13 -#%%defcommit 13 310fc53db04e8d3134524afb7a89b0477a2ffb83 %global rolename13 certificate -%deftag 13 1.1.3 +%deftag 13 1.1.11 -#%%defcommit 14 b2a9857ac661fa32e66666e444b73bfdb34cdf95 %global rolename14 crypto_policies -%deftag 14 1.2.3 +%deftag 14 1.2.9 %global forgeorg15 
https://github.com/willshersystems %global repo15 ansible-sshd %global rolename15 sshd -%defcommit 15 214df35c0bee77b5d69f49c2da269251d451b28f -#%%deftag 15 v0.14.1 +%deftag 15 v0.19.0 -#%%defcommit 16 59b9fd7b25607d8bd33bdb082748955f2652846a %global rolename16 ssh -%deftag 16 1.1.4 +%deftag 16 1.1.15 -#%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d %global rolename17 ha_cluster -%deftag 17 1.4.1 +%deftag 17 1.9.2 -#%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3 %global rolename18 vpn -%deftag 18 1.3.2 +%deftag 18 1.5.6 %global rolename19 firewall -%deftag 19 1.1.0 +%deftag 19 1.4.4 %global rolename20 cockpit -%deftag 20 1.2.1 +%deftag 20 1.4.5 + +%global rolename21 podman +%deftag 21 1.1.5 + +%global rolename22 ad_integration +%deftag 22 1.1.0 + +%global rolename23 rhc +%deftag 23 1.1.2 + +%global rolename24 journald +%deftag 24 1.0.3 + +#%%global rolename25 postgresql +#%%deftag 25 1.0.3 -%global mainid 5e7bb389fc5e93184871b3907e75ba896874dc21 -Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz Source1: %{archiveurl1} Source2: %{archiveurl2} Source3: %{archiveurl3} 
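Review bot: Role 15 (sshd), which is fetched from a separate forge (`forgeorg15 https://github.com/willshersystems`), moves from `%defcommit 15 214df35c0bee77b5d69f49c2da269251d451b28f` to `%deftag 15 v0.19.0`, so its source is now named by a tag rather than a commit id. A tag can be moved by whoever controls that repository, whereas a commit id cannot; whether a changed tarball would be caught then depends on the recorded source checksum, which is not visible in this hunk. The hunk also drops the commented `#%%defcommit N` lines that recorded a commit for the other roles. I would keep the commit next to the tag, `#%%defcommit 15 <commit-id-of-v0.19.0>`, so the tag can be checked against it at the next rebase.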
@@ -227,25 +187,27 @@ Source17: %{archiveurl17} Source18: %{archiveurl18} Source19: %{archiveurl19} Source20: %{archiveurl20} +Source21: %{archiveurl21} +Source22: %{archiveurl22} +Source23: %{archiveurl23} +Source24: %{archiveurl24} +#Source25: %{archiveurl25} +# END AUTOGENERATED SOURCES -# Collection tarballs from Automation Hub -# Not used on Fedora. -Source801: ansible-posix-1.3.0.tar.gz +# Includes with definitions/tags that differ between RHEL and Fedora +Source1001: extrasources.inc -# Collection tarballs from Galaxy -# Not used on Fedora. -Source901: community-general-4.6.0.tar.gz +%include %{SOURCE1001} -# Script to convert the collection README to Automation Hub. -# Not used on Fedora. -Source998: collection_readme.sh +# Includes with ansible_collection_build/_install that differ between RHEL versions +Source1002: ansible-packaging.inc -Patch51: network-disable-bondtests.diff +%include %{SOURCE1002} -Patch61: Bug-2098227-storage-role-cannot-set-mount_options-for-volumes.patch -Patch62: Bug-2098226-storage-role-raid_level-striped-is-not-supported.patch +Source1003: vendoring-prep.inc +Source1004: vendoring-build.inc -Patch1501: ansible-sshd.patch +Source995: CHANGELOG.md BuildArch: noarch 
@@ -262,22 +224,9 @@ BuildRequires: highlight # Requirements for galaxy_transform.py BuildRequires: python3 -%if 0%{?fedora} || 0%{?rhel} >= 8 -BuildRequires: %{py3_dist ruamel.yaml} -%else -BuildRequires: python3-ruamel-yaml -%endif - -Obsoletes: rhel-system-roles-techpreview < 1.0-3 +BuildRequires: python%{python3_pkgversion}-ruamel-yaml -%if %{undefined __ansible_provides} -Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version} -%endif -# be compatible with the usual Fedora Provides: -Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{version}-%{release} - -# We need to put %%description within the if block to avoid empty -# lines showing up. +# We must put %%description within the if block to avoid empty lines showing up. %if 0%{?rhel} %description Collection of Ansible roles and modules that provide a stable and 
@@ -298,20 +247,31 @@ Summary: Collection artifact to import to Automation Hub / Ansible Galaxy Collection artifact for %{name}. This package contains %{collection_namespace}-%{collection_name}-%{version}.tar.gz %endif +# Fix issue with package update introduce with changing symlink to directory +# in 1.21.1-5 +%pretrans -p +roles = { + "certificate", "cockpit", "crypto_policies", "firewall", "ha_cluster", + "kdump", "kernel_settings", "logging", "metrics", "nbde_client", + "nbde_server", "network", "postfix", "selinux", "ssh", "sshd", "storage", + "timesync", "tlog", "vpn" +} +for i,v in ipairs(roles) do + path = "/usr/share/ansible/roles/linux-system-roles." .. v + st = posix.stat(path) + if st and st.type == "link" then + os.remove(path) + end +end + %prep -%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -n %{getarchivedir 0} - -for file in %_sourcedir/*.tar.gz; do - if [[ "$file" =~ %_sourcedir/([^-]+)-([^-]+)-(.+).tar.gz ]]; then - ns=${BASH_REMATCH[1]} - name=${BASH_REMATCH[2]} - ver=${BASH_REMATCH[3]} - mkdir -p .external/$ns/$name - pushd .external/$ns/$name > /dev/null - tar xfz "$file" - popd > /dev/null - fi -done +# BEGIN AUTOGENERATED SETUP +%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -a21 -a22 -a23 -a24 -n %{getarchivedir 0} +#%%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -a21 -a22 -a23 -a24 -a25 -n %{getarchivedir 0} +# END AUTOGENERATED SETUP + +# vendoring prep steps, if any +%include %{SOURCE1003} declare -A ROLESTODIR=(%{rolestodir}) for rolename in %{rolenames}; do 
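Review bot: In the new `%pretrans` Lua scriptlet the result of `os.remove(path)` is discarded, so if a stale symlink cannot be removed the transaction goes on and meets the same symlink-to-directory conflict the scriptlet is there to avoid, with no message saying why. Capturing the result, `local ok, err = os.remove(path)` followed by `if not ok then print("cannot remove " .. path .. ": " .. tostring(err)) end`, makes that visible. `path` and `st` are assigned without `local` and so become globals of the Lua state; declaring them `local` inside the loop is the cleaner form. The hard-coded list of twenty role names is presumably the set that was shipped as symlinks before this change, and a comment saying so would explain why the four new roles are absent.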
@@ -328,25 +288,23 @@ for rolename in %{rolenames}; do mv "$dir_from_archive" ${rolename} done +%if 0%{?rhel} cd %{rolename2}/tests # this test causes avcs we want to ignore sed -r -i -e '/hosts: all/a\ tags:\ - tests::avc' tests_selinux_disabled.yml cd ../.. +%endif -cd %{rolename5} -%patch51 -p1 -cd .. -cd %{rolename6} -%patch61 -p1 -%patch62 -p1 -cd .. cd %{rolename15} -%patch1501 -p1 -sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" tests/*.yml examples/*.yml -sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml examples/*.yml README.md -sed -r -i -e "s/min_ansible_version: 2.8/min_ansible_version: 2.9/" meta/main.yml +find -P tests examples -name \*.yml | while read file; do + sed -r -i -e "s/willshersystems:ansible-sshd/system_role:sshd/" \ + -e "s/ansible-sshd/linux-system-roles.sshd/" \ + -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" "$file" +done +sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md +sed -r -i -e 's/min_ansible_version: 2.8/min_ansible_version: "2.9"/' meta/main.yml cd .. cd %{rolename7} 
@@ -362,58 +320,8 @@ if [ "$rolesdir" != "$realrolesdir" ]; then fi cd .. -%if 0%{?rhel} -# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library. -# ansible.posix: -# - library: -# - Module selinux and seboolean for the selinux role -# - Module mount for the storage role -declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" ) -for module in "${!module_map[@]}"; do - role="${module_map[${module}]}" - if [ ! -d $role/library ]; then - mkdir $role/library - fi - cp -pL .external/ansible/posix/plugins/modules/$module $role/library/$module - sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' -e "s/ansible_collections.ansible.posix.plugins.module_utils/ansible.module_utils.${role}_lsr/" $role/library/$module -done - -# ansible.posix: -# - module_utils: -# - Module_util mount for the storage role -module_map=( ["mount.py"]="storage" ) -for module in "${!module_map[@]}"; do - role="${module_map[${module}]}" - if [ ! -d $role/module_utils/${role}_lsr ]; then - mkdir -p $role/module_utils/${role}_lsr - fi - cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module - sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module -done - -# community.general: -# - library: -# - Module seport, sefcontext and selogin for the selinux role rolename2 -# - Module ini_file for role tlog -module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog" ) -for module in "${!module_map[@]}"; do - role="${module_map[${module}]}" - if [ ! 
-d $role/library ]; then - mkdir $role/library - fi - cp -pL .external/community/general/plugins/modules/$module $role/library/$module - ls -alrtF $role/library/$module - sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module -done -%endif - -# Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role -%if "%{roleprefix}" != "linux-system-roles." -for rolename in %{rolenames}; do - find $rolename -type f -exec \ - sed "s/linux-system-roles[.]${rolename}\\>/%{roleprefix}${rolename}/g" -i {} \; -done -%endif +# vendoring build steps, if any +%include %{SOURCE1004} # Removing symlinks in tests/roles for rolename in %{rolenames}; do @@ -435,14 +343,25 @@ rm %{rolename5}/tests/ensure_provider_tests.py # Drop storage tests/scripts rm -rf %{rolename6}/tests/scripts +# fix system_roles fingerprint in "external" roles +python3 lsr_fingerprint.py + # transform ambiguous #!/usr/bin/env python shebangs to python3 to stop brp-mangle-shebangs complaining find -type f -executable -name '*.py' -exec \ sed -i -r -e '1s@^(#! */usr/bin/env python)(\s|$)@#\13\2@' '{}' + %build %if %{with html} +# HACK HACK HACK +# pandoc/asciidoc on rhel 8.9 does not like the journald README badge links +# remove all of the badge links from all README.md files +# in the first 14 lines of the file, remove any line that looks like a +# github action badge +# HACK HACK HACK readmes="" +matchstr="actions/workflows/" for role in %{rolenames}; do + sed -e "1,14 {\\,${matchstr},d; /\!\[/d}" -i $role/README.md readmes="${readmes} $role/README.md" done sh md2html.sh $readmes 
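Review bot: The added `python3 lsr_fingerprint.py` line calls the interpreter by bare name, while the same commit changes the other script calls in this spec to `%{python3} ./galaxy_transform.py` and `%{python3} release_collection.py`. For consistency, and so that the build uses the interpreter the macros select, it should read `%{python3} lsr_fingerprint.py`. In the README clean-up added to `%build`, the second sed command `/\!\[/d` deletes every line among the first 14 that contains an image link, not only the GitHub action badges matched by `matchstr`; the comment above it should say so.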
@@ -452,7 +371,7 @@ mkdir .collections %if 0%{?rhel} # Convert the upstream collection readme to the downstream one %{SOURCE998} lsr_role2collection/collection_readme.md -./galaxy_transform.py "%{collection_namespace}" "%{collection_name}" "%{collection_version}" \ +%{python3} ./galaxy_transform.py "%{collection_namespace}" "%{collection_name}" "%{collection_version}" \ "Red Hat Enterprise Linux System Roles Ansible Collection" \ "https://linux-system-roles.github.io" \ "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/administration_and_configuration_tasks_using_system_roles_in_rhel" \ @@ -474,13 +393,20 @@ for role in %{rolenames}; do includes="$includes --include $role" %if 0%{?rhel} # we vendor-in all of the dependencies on rhel, so remove them - rm -f "$role/meta/requirements.yml" + rm -f "$role/meta/requirements.yml" "$role/meta/collection-requirements.yml" \ + "$role/tests/collection-requirements.yml" %endif done -LANG=en_US.utf-8 LC_ALL=en_US.utf-8 python3 release_collection.py --galaxy-yml galaxy.yml \ +# do not process changelogs on RHEL +%if 0%{?rhel} +extra_mapping="--extra-mapping fedora.linux_system_roles:%{collection_namespace}.%{collection_name}" +%else +extra_mapping="" +%endif +LANG=C.utf-8 LC_ALL=C.utf-8 %{python3} release_collection.py --galaxy-yml galaxy.yml \ --src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \ - --src-owner %{name} --skip-git --skip-check --debug + --src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug # Remove table of contents from logging README.md # It is not needed for html and AH/Galaxy 
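Review bot: The comment `# do not process changelogs on RHEL` sits directly above an `%if 0%{?rhel}` block that only sets `extra_mapping`, while `--skip-changelog` is passed to release_collection.py unconditionally on the command line below it. As written the comment describes neither the conditional nor the flag. I would split it: `# on RHEL, map fedora.linux_system_roles to the downstream collection name` above the `%if`, and a second comment next to `--skip-changelog` stating why changelog processing is skipped on every platform.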
@@ -496,95 +422,125 @@ for role in %{rolenames}; do .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/$role/README.md done +# Remove test only collection dependencies +# NOTE: These should not be in meta/collection-requirements.yml, they should be +# in tests/collection-requirements.yml, but they can't be moved yet +sed -i -e '/community[.]mysql:/d' -e '/community[.]postgresql:/d' \ + .collections/ansible_collections/%{collection_namespace}/%{collection_name}/galaxy.yml + +cp %{SOURCE995} \ + .collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md +%if 0%{?rhel} +cp %{SOURCE996} \ + .collections/ansible_collections/%{collection_namespace}/%{collection_name}/CHANGELOG.rst +%endif + +# Build the collection +pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ +%ansible_collection_build +popd + %install -mkdir -p $RPM_BUILD_ROOT%{installbase} -mkdir -p $RPM_BUILD_ROOT%{_datadir}/ansible/roles +mkdir -p %{buildroot}%{ansible_roles_dir} for role in %{rolenames}; do - cp -pR "$role" "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role" + cp -pR "$role" "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role" done -%if 0%{?rolealtprefix:1} +%if 0%{?rhel} +# Create symlinks for roles in /usr/share/ansible/roles/linux-system-roles.$rolename +# That's required to make roles work with upstream naming too for role in %{rolenames}; do - ln -s "%{rolealtrelpath}%{roleinstprefix}$role" "$RPM_BUILD_ROOT%{_datadir}/ansible/roles/%{rolealtprefix}$role" + ln -s "%{name}.$role" "%{buildroot}%{ansible_roles_dir}/linux-system-roles.$role" done %endif -mkdir -p $RPM_BUILD_ROOT%{_pkglicensedir} -rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}network/examples/roles +mkdir -p %{buildroot}%{_pkglicensedir} +rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}network/examples/roles for role in %{rolenames}; do - mkdir -p "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" - cp -p 
"$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.md" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" + mkdir -p "%{buildroot}%{_pkgdocdir}/$role" + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/CHANGELOG.md" \ + "%{buildroot}%{_pkgdocdir}/$role" + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \ + "%{buildroot}%{_pkgdocdir}/$role" %if %{with html} - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.html" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role" + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \ + "%{buildroot}%{_pkgdocdir}/$role" %endif - if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/COPYING" ]; then - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/COPYING" \ - "$RPM_BUILD_ROOT%{_pkglicensedir}/$role.COPYING" + if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \ + "%{buildroot}%{_pkglicensedir}/$role.COPYING" fi - if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/LICENSE" ]; then - cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/LICENSE" \ - "$RPM_BUILD_ROOT%{_pkglicensedir}/$role.LICENSE" + if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/LICENSE" ]; then + ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/LICENSE" \ + "%{buildroot}%{_pkglicensedir}/$role.LICENSE" fi - if [ -d "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples" ]; then - for file in "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/"*.yml ; do - basename=$(basename "$file" .yml) - newname="$basename" - if [[ "$newname" != example-* ]]; then - newname="example-$newname" - fi - if [[ "$newname" != *-playbook ]]; then - newname="${newname}-playbook" + if [ -d "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples" ]; then + for file in 
"%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/"* ; do + if [[ "$file" == *.yml ]]; then + basename=$(basename "$file" .yml) + newname="$basename" + if [[ "$newname" != example-* ]]; then + newname="example-$newname" + fi + if [[ "$newname" != *-playbook ]]; then + newname="${newname}-playbook" + fi + cp "$file" "%{buildroot}%{_pkgdocdir}/$role/${newname}.yml" + else + cp "$file" "%{buildroot}%{_pkgdocdir}/$role" fi - cp "$file" "$RPM_BUILD_ROOT%{_pkgdocdir}/$role/${newname}.yml" rm "$file" done - if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" ]; then - cp "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" \ - "$RPM_BUILD_ROOT%{_pkgdocdir}/$role/example-inventory" - rm "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" + if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" ]; then + cp "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" \ + "%{buildroot}%{_pkgdocdir}/$role/example-inventory" + rm "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" fi # special case for network # this will error if the directory is unexpectedly empty - rmdir "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples" + rmdir "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples" fi done -rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/semaphore -rm -r $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/molecule +rm -f %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/semaphore +rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/molecule -rm -r $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/.[A-Za-z]* -rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/tests/.git* +rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/.[A-Za-z]* +rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/tests/.git* # NOTE: sshd/examples/example-root-login.yml is # referenced in the 
configuring-openssh-servers-using-the-sshd-system-role documentation module # must be updated if changing the file path +# Install the collection pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ -%ansible_collection_build_install +%ansible_collection_install popd -mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection -mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles +mkdir -p %{buildroot}%{_pkgdocdir}/collection +mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles -cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \ - $RPM_BUILD_ROOT%{_pkgdocdir}/collection +ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \ + %{buildroot}%{_pkgdocdir}/collection for rolename in %{rolenames}; do - if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/README.md ]; then - mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} - cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/README.md \ - $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} - fi + for file in CHANGELOG.md README.md; do + if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then + if [ ! 
-d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then + mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} + fi + ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file \ + %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} + fi + done done %if %{with html} -# converting README.md to README.html for collection in $RPM_BUILD_ROOT%{_pkgdocdir}/collection -readmes="$RPM_BUILD_ROOT%{_pkgdocdir}/collection/README.md" +# converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection +readmes="%{buildroot}%{_pkgdocdir}/collection/README.md" for role in %{rolenames}; do - readmes="${readmes} $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${role}/README.md" + readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md" done sh md2html.sh $readmes %endif 
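Review bot: The examples loop in `%install` now iterates over `examples/*`, and its new `else` branch copies every non-.yml file to `%{buildroot}%{_pkgdocdir}/$role` under its own name and then removes it, which includes `examples/inventory`. The `if [ -f .../examples/inventory ]` block after the loop can therefore no longer match, and the file is installed as `inventory` instead of `example-inventory`. If the old name is still wanted, handle it inside the loop, `elif [[ "$file" == */inventory ]]; then cp "$file" "%{buildroot}%{_pkgdocdir}/$role/example-inventory"`, and drop the dead block. The per-role `ln -sr` of CHANGELOG.md and README.md is also unconditional, unlike the `-f` checks used for COPYING, LICENSE and the collection docs, so a role without a CHANGELOG.md would get a dangling link.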
@@ -592,21 +548,21 @@ sh md2html.sh $readmes %if %{with collection_artifact} # Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/ -if [ -f %{collection_namespace}-%{collection_name}-%{version}.tar.gz ]; then mv %{collection_namespace}-%{collection_name}-%{version}.tar.gz \ - $RPM_BUILD_ROOT%{_datadir}/ansible/collections/ -fi + %{buildroot}%{_datadir}/ansible/collections/ popd %endif -# generate the %files section in the file files_section.txt +# Generate the %%files section in files_section.txt +# Bulk files inclusion is not possible because roles store doc and licence +# files together with other files format_item_for_files() { # $1 is directory or file name in buildroot - # $2 - if true, and item is a directory, use %dir + # $2 - if true, and item is a directory, use %%dir local item local files_item - item="$1" - files_item=${item##"%{buildroot}"} + item="$1" # full path including buildroot + files_item=${item##"%{buildroot}"} # path with cut buildroot to be added to %%files if [ -L "$item" ]; then echo "$files_item" elif [ -d "$item" ]; then @@ -617,16 +573,16 @@ format_item_for_files() { else echo "$files_item" fi - elif [[ "$item" == */README.md ]] || [[ "$item" == */README.html ]]; then + elif [[ "$item" == */README.md ]] || [[ "$item" == */README.html ]] || [[ "$item" == */CHANGELOG.md ]]; then if [[ "$item" == */private_* ]]; then - # mark as regular file, not %doc + # mark as regular file, not %%doc echo "$files_item" else echo "%doc $files_item" fi - elif [[ "$item" != */COPYING* ]] && [[ "$item" != */LICENSE* ]]; then - # Avoid dynamically using the license macro since the license macro - # is replaced with the value of License directive in the older rpmbuild. + elif [[ "$item" == */COPYING* ]] || [[ "$item" == */LICENSE* ]]; then + echo "%""%""license" "$files_item" + else echo "$files_item" fi } 
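Review bot: With the `[ -f … ]` test removed, the `mv` of `%{collection_namespace}-%{collection_name}-%{version}.tar.gz` under `%if %{with collection_artifact}` is now unconditional, and nothing in the hunk says that this is intended. Assuming the scriptlet runs with errexit (not visible here), a missing tarball now stops the build instead of silently producing a package without the artifact. That is the safer outcome for a shipped collection, so it deserves a comment above the `mv`, for example `# no -f test on purpose: fail the build if the collection artifact was not produced`. The body of `format_item_for_files` continues past the end of this hunk.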
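Review bot: The new branch `echo "%""%""license" "$files_item"` has no comment, and the comment this hunk deletes was the only record of why the license directive needs special handling (older rpmbuild replaces the license macro with the value of the License directive). The split quoting presumably exists to keep the macro from being expanded in the scriptlet, so I would state that next to the line, e.g. `# spelled "%""%""license" so rpmbuild does not expand the macro here; the directive must reach files_section.txt as text`. Licence files are now tagged purely by the name patterns `*/COPYING*` and `*/LICENSE*` on paths taken from the buildroot. A short note that this relies on the vendored roles following that naming would help the next maintainer. The function starts before this hunk.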
@@ -634,15 +590,7 @@ format_item_for_files() { files_section=files_section.txt rm -f $files_section touch $files_section -%if %{without ansible} -echo '%dir %{_datadir}/ansible' >> $files_section -echo '%dir %{_datadir}/ansible/roles' >> $files_section -%endif -%if "%{installbase}" != "%{_datadir}/ansible/roles" -echo '%dir %{installbase}' >> $files_section -%endif -echo '%dir %{ansible_collection_files}' >> $files_section -echo '%dir %{ansible_collection_files}%{collection_name}' >> $files_section +# Dynamically generate files section entries for %%{ansible_collection_files} find %{buildroot}%{ansible_collection_files}%{collection_name} -mindepth 1 -maxdepth 1 | \ while read item; do if [[ "$item" == */roles ]]; then @@ -658,7 +606,8 @@ find %{buildroot}%{ansible_collection_files}%{collection_name} -mindepth 1 -maxd fi done -find %{buildroot}%{installbase} -mindepth 1 -maxdepth 1 | \ +# Dynamically generate files section entries for %%{ansible_roles_dir} +find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \ while read item; do if [ -d "$item" ]; then format_item_for_files "$item" true >> $files_section 
@@ -669,46 +618,23 @@ find %{buildroot}%{installbase} -mindepth 1 -maxdepth 1 | \ format_item_for_files "$item" >> $files_section fi done -if [ "%{installbase}" != "%{_datadir}/ansible/roles" ]; then - find %{buildroot}%{_datadir}/ansible/roles -mindepth 1 -maxdepth 1 | \ - while read item; do - if [ -d "$item" ]; then - format_item_for_files "$item" true >> $files_section - find "$item" -mindepth 1 -maxdepth 1 | while read roles_item; do - format_item_for_files "$roles_item" >> $files_section - done - else - format_item_for_files "$item" >> $files_section - fi - done -fi -# cat files_section.txt -# done with files_section.txt generation - %files -f files_section.txt -%{_pkgdocdir}/*/README.md -%if %{with html} -%{_pkgdocdir}/*/README.html -%endif -%{_pkgdocdir}/*/example-* -%{_pkgdocdir}/collection/roles/*/README.md -%if %{with html} -%{_pkgdocdir}/collection/roles/*/README.html -%endif -%license %{_pkglicensedir}/* -%license %{installbase}/*/COPYING* -%license %{installbase}/*/LICENSE* -%license %{ansible_collection_files}/%{collection_name}/COPYING* -%license %{ansible_collection_files}/%{collection_name}/LICENSE* -%if 0%{?rhel} < 8 +%dir %{_datadir}/ansible +%dir %{ansible_roles_dir} +%dir %{ansible_collection_files} +%dir %{ansible_collection_files}%{collection_name} +%doc %{_pkgdocdir} +%license %{_pkglicensedir} + +%if 0%{?rhel} && 0%{?rhel} < 8 # Needs to list excluded files in this hardcoded style since when # format_item_for_files is executed, brp-python-bytecompile is not # executed yet. -%exclude %{installbase}/*/*.py? -%exclude %{installbase}/*/*/*.py? -%exclude %{installbase}/*/*/*/*.py? -%exclude %{installbase}/*/*/*/*/*.py? +%exclude %{ansible_roles_dir}/*/*.py? +%exclude %{ansible_roles_dir}/*/*/*.py? +%exclude %{ansible_roles_dir}/*/*/*/*.py? +%exclude %{ansible_roles_dir}/*/*/*/*/*.py? %exclude %{ansible_collection_files}/%{collection_name}/*/*/*.py? %exclude %{ansible_collection_files}/%{collection_name}/*/*/*/*.py? 
%exclude %{ansible_collection_files}/%{collection_name}/*/*/*/*/*.py? 
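Review bot: `%doc %{_pkgdocdir}` and `%license %{_pkglicensedir}` now take each directory recursively, where the removed lines listed `README.md`, `README.html`, `example-*` and the licence globs explicitly. Anything that ends up in those directories during %install is therefore packaged without appearing in the spec. The earlier hunk on this page fills `%{_pkgdocdir}/collection` with relative links (`ln -sr`) instead of copies, so these entries resolve only while their targets under `%{ansible_collection_files}` are shipped in the same package. I would add a comment above the two lines saying what is expected there, e.g. `# %%{_pkgdocdir} holds only links and examples created in %%install; targets are listed in files_section.txt`, adjusted to whatever the directories really contain. The unchanged `%exclude` patterns below still stop at a fixed directory depth, which the existing comment calls hardcoded.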
@@ -720,27 +646,294 @@ fi %endif %changelog -* Fri Jun 17 2022 Rich Megginson - 1.16.2-1.3 -- storage role cannot set mount_options for volumes - Resolves: rhbz#2098227 +* Wed May 10 2023 Rich Megginson - 1.21.2-1 +- Resolves:rhbz#2186913 : rhc - RHC system role: activation key registration fails if system is already registered +- Resolves:rhbz#2189194 : roles should support running with gather_facts: false +- Resolves:rhbz#2188332 : failing test podman/tests_basic.yml: Set per-container variables part 0 +- Resolves:rhbz#2188384 : failing test - sshd/tests_firewall_selinux.yml - No package matching 'firewalld' found available, installed or updated +- move vendoring into included files +- Resolves:rhbz#2175324 : use ansible-galaxy collection build/install instead of tar + +* Thu Apr 6 2023 Sergei Petrosian - 1.21.1-2 +- Resolves: rhbz#2185002 : Remove doc fragments from vendored modules +- Build collection artifact in the same directory on Fedora and RHEL + +* Thu Mar 16 2023 Rich Megginson - 1.21.1-1 +- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights +- includes the fix for tests_proxy.yml selinux and some test refactoring + +* Wed Feb 22 2023 Rich Megginson - 1.21.0-2 +- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights +- remove role until https://bugzilla.redhat.com/show_bug.cgi?id=2171829 is fixed + +* Mon Feb 20 2023 Rich Megginson - 1.21.0-1 +- Resolves:rhbz#2162617 : network - RedHat Role rhel-system-roles.network should route traffic via correct bond + +* Thu Feb 16 2023 Rich Megginson - 1.21.0-0.19 +- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights +- vendor in modules required by rhc role +- Resolves:rhbz#2167941 : ha_cluster - Fix stonith watchdog timeout + +* Wed Feb 15 2023 Rich Megginson - 1.21.0-0.18 +- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights +- ad_integration - fix issue with using 
the network role to configure DNS + +* Thu Feb 09 2023 Rich Megginson - 1.21.0-0.17 +- Resolves:rhbz#2164879 : selinux - managing modules is not idempotent +- Fix nbde_server test issue + +* Fri Feb 03 2023 Rich Megginson - 1.21.0-0.16 +- Resolves:rhbz#2165176 : journald - New role - journald - manage systemd-journald +- Resolves:rhbz#2159972 : nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data +- Resolves:rhbz#2164879 : selinux - managing modules is not idempotent +- fix storage tests_swap and tests_misc - swap size < 128GB on EL7 +- fix podman general-meta issue +- ha_cluster non-x86_64 tests issue +- certificate non-x86_64 tests issue + +* Fri Jan 20 2023 Rich Megginson - 1.21.0-0.15 +- Resolves:rhbz#2162788 : network - role should support running tests with ANSIBLE_GATHERING=explicit +- Resolves:rhbz#2149683 : Synchronize automation-related changes from Fedora spec file +- Fix ansible-test issues in several roles +- Fix nbde_server tang test failure + +* Fri Jan 13 2023 Rich Megginson - 1.21.0-0.14 +- Resolves:rhbz#2143814 : ha_cluster - Allow quorum device configuration +- Resolves:rhbz#2153081 : ha_cluster - Allow enabled SBD on disabled cluster +- Resolves:rhbz#2127497 : ha_cluster - use no_log in tasks looping over pot. 
secret parameters +- community.general 6.2.0 +- replace community.general with namespace.name for rhc role + +* Thu Jan 12 2023 Noriko Hosoi - 1.20.1-4 +- Resolves:rhbz#2138213: nbde_client - use fedora.linux_system_roles.nbde_server for tests + +* Thu Dec 15 2022 Rich Megginson - 1.21.0-0.13 +- Resolves:rhbz#2151355 : storage - [RHEL8] disks_needed need to be set for the raid test cases +- Resolves:rhbz#2154143 : storage - [RHEL8] tests_create_thinp_then_remove_scsi_generated.yml failed at "assertion": "(storage_test_expected_size|int - storage_test_actual_size.bytes)|abs / storage_test_expected_size|int < 0.01" +- Resolves:rhbz#2151342 : storage - [RHEL9] ansible.parsing.yaml.objects.AnsibleUnicode object' has no attribute 'bytes' +- Resolves:rhbz#2151351 : storage - [RHEL9 system role] storage role vdo tests failed about "VDO deduplication is off but it should not" + +* Thu Dec 15 2022 Rich Megginson - 1.21.0-0.12 +- Resolves:rhbz#2153080 - tlog - Unconditionally enable the files provider + +* Tue Dec 13 2022 Rich Megginson - 1.21.0-0.11 +- Resolves:rhbz#2130362 : logging - [RFE] convert logging role to use firewall, selinux role, and certificate role + fix basic-smoke-test failures + +* Mon Dec 12 2022 Rich Megginson - 1.21.0-0.10 +- Resolves:rhbz#2130019 : ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role +- Resolves:rhbz#2143458 : network - Support cloned MAC address +- Resolves:rhbz#2066864 : podman - [RFE] role for managing podman containers and systemd + +* Tue Dec 06 2022 Rich Megginson - 1.21.0-0.9 +- Resolves:rhbz#2144876 : ad_integration - [RFE] new role to support AD integration, join to AD domain + +* Mon Dec 05 2022 Rich Megginson - 1.21.0-0.8 +- Resolves:rhbz#2130362 : logging - [RFE] convert logging role to use firewall, selinux role, and certificate role + fix tests - tests_relp now uses logging_purge_confs + +* Tue Nov 29 2022 Rich Megginson - 1.21.0-0.7 +- Resolves:rhbz#2126960 : nbde_client - must handle 
clevis-luks-askpass and clevis-luks-askpass@ systemd unit names + +* Tue Nov 29 2022 Rich Megginson - 1.21.0-0.6 +- Resolves:rhbz#2133931 : nbde_server - [RFE] convert nbde_server role to use firewall and selinux role + previous fix was not complete - needed additional fixes - ansible-lint 6.x fixes + +* Thu Nov 03 2022 Noriko Hosoi - 1.20.1-3 +- Resolves:rhbz#2138213: sshd - Fix the mismatched line numbers in the sshd patch. +- Resolves:rhbz#2094483: - metrics - document minimum supported redis version required by rhel-system-roles + +* Tue Sep 27 2022 Rich Megginson - 1.20.1-1 +- Resolves:rhbz#2129875 : ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles + +* Tue Aug 09 2022 Rich Megginson - 1.20.0-1 +- Resolves:rhbz#2115159 : cockpit - Add customization of port +- Resolves:rhbz#2100939 : firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID +- Resolves:rhbz#2115160 : firewall - support for firewall_config - gather firewall facts +- Resolves:rhbz#2112143 : logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs +- Resolves:rhbz#2115162 : selinux - Added setting of seuser and selevel for completeness +- Resolves:rhbz#2115161 : nbde_client - Sets proper spacing for parameter rd.neednet=1 +- Resolves:rhbz#2115884 : network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence +- Resolves:rhbz#2109997 : ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing +- Resolves:rhbz#2082391 : storage - [RHEL8] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior. 
+ +* Fri Jul 01 2022 Rich Megginson - 1.19.3-1 +- min_ansible_version is string instead of float + +- fix storage test failures + +- support for ansible-core 2.13 + +- firewall - forward_port should accept list of string or list of dict + Resolves: rhbz#2101607 + +- firewall - support add/modify/delete services + Resolves: rhbz#2100297 + +- metrics - document minimum supported redis version required by rhel-system-roles + Resolves: rhbz#2100285 + +- metrics - restart pmie, pmlogger if changed, do not wait for handler + Resolves: rhbz#2100298 + +- network - Support managing the network through nmstate schema + Resolves: rhbz#2100979 + +- storage - support for adding/removing disks to/from storage pools + Resolves: rhbz#2066880 + +- storage - support for attaching cache volumes to existing volumes + Resolves: rhbz#2066881 + +* Wed Jun 15 2022 Rich Megginson - 1.19.2-1 +- sshd - fix ansible 2.9 support in meta/main.yml + Resolves: rhbz#2086935 (8.7.0) + +* Mon Jun 13 2022 Rich Megginson - 1.19.1-1 +- storage - fix coverity scan issue in blivet.py + Resolves: rhbz#2066876 (8.7.0) + +- logging - fix gather_facts/set_vars issue + Resolves: rhbz#2079008 (8.7.0) + +- ha_cluster - Move tasks that set up CI environment to roles tasks/ dir + Resolves: rhbz#2093500 (8.7.0) + +- sshd - fix tests issue with rhel9 hosts + +* Mon Jun 06 2022 Rich Megginson - 1.19.0-1 +- storage - support for creating and managing LVM thin pools/LVs + Resolves: rhbz#2066876 (8.7.0) + +- firewall - Update Ansible syntax in Firewall system role README.md file examples + Resolves: rhbz#2081839 (8.7.0) + - storage role raid_level "striped" is not supported - Resolves: rhbz#2098226 + Resolves: rhbz#2083426 (8.7.0) + +- network: the controller device is not completely cleaned up in the bond tests. 
+ Resolves: rhbz#2089868 (8.7.0) + +- firewall - state no longer required for masquerade and ICMP block inversion + Resolves: rhbz#2093437 (8.7.0) + +- ha_cluster - Move tasks that set up CI environment to roles tasks/ dir + Resolves: rhbz#2093500 (8.7.0) + +* Thu May 26 2022 Rich Megginson - 1.18.0-1 +- firewall - [Improvement] Allow System Role to reset to default Firewalld Settings + Resolves: rhbz#2043009 (8.7.0) + +- metrics - [RFE] add an option to the metrics role to enable postfix metric collection + Resolves: rhbz#2079114 (8.7.0) + +- network - Rework the infiniband support + Resolves: rhbz#2086869 (8.7.0) + +- sshd - recurse into tests and examples sub-directories when replacing string in files + the sshd role latest version added sub-directories under tests that need + role name replacement - so just use find + +- sshd - sshd system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf" + Resolves: rhbz#2086934 (8.7.0) + +- sshd - sshd system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9 + Resolves: rhbz#2086935 (8.7.0) + +- storage - storage role cannot set mount_options for volumes + Resolves: rhbz#2083378 (8.7.0) + +* Mon Apr 25 2022 Rich Megginson - 1.17.0-1 +- All roles should support running with gather_facts: false + Resolves: rhbz#2079008 (8.7.0) + +- firewall - Firewall system role Ansible deprecation warning related to "include" + Resolves: rhbz#2078650 (8.7.0) + +- ha_cluster - ha_cluster - support advanced corosync configuration + Resolves: rhbz#2065339 (8.7.0) + +- ha_cluster - ha_cluster - support SBD fencing + Resolves: rhbz#2066868 (8.7.0) + +- ha_cluster - ha_cluster - add support for configuring bundle resources + Resolves: rhbz#2073518 (8.7.0) + +- kernel_settings - kernel_settings error configobj not found on RHEL 8.6 managed hosts + Resolves: rhbz#2060378 (8.7.0) + +- logging - logging tests fail during cleanup if no cloud-init on system + Resolves: rhbz#2058807 
(8.7.0) + +- logging - Logging - RFE - support template, severity and facility options + Resolves: rhbz#2075116 (8.7.0) + +- metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run + Resolves: rhbz#2060377 (8.7.0) + +- metrics - metrics - consistently use ansible_managed in configuration files managed by role + Resolves: rhbz#2065215 (8.7.0) + +- metrics - [RFE] add an option to the metrics role to enable postfix metric collection + Resolves: rhbz#2079114 (8.7.0) + +- nbde_client - NBDE client system role does not support servers with static IP addresses + Resolves: rhbz#2071011 (8.7.0) + +- network - [RFE] Extend rhel-system-roles.network feature set to support routing rules + Resolves: rhbz#1996731 (8.7.0) + +- network - bond: fix typo in supporting the infiniband ports in active-backup mode + Resolves: rhbz#2064067 (8.7.0) + +- network - pytest failed when running with nm providers in the rhel-8.5 beaker machine + Resolves: rhbz#2065217 (8.7.0) + +- network - network - consistently use ansible_managed in configuration files managed by role + Resolves: rhbz#2065670 (8.7.0) + +- postfix - postfix - consistently use ansible_managed in configuration files managed by role + Resolves: rhbz#2065216 (8.7.0) + +- postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default + Resolves: rhbz#2065218 (8.7.0) -* Wed Apr 20 2022 Rich Megginson - 1.16.2-1.2 - sshd - FIPS mode detection in SSHD role is wrong - Resolves rhbz#2075536 (EL8) + Resolves: rhbz#2075338 (8.7.0) -* Thu Apr 14 2022 Rich Megginson - 1.16.2-1.1 -- Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default - Resolves rhbz#2074653 (EL8) +- storage - RFE storage Less verbosity by default + Resolves: rhbz#2056480 (8.7.0) -* Tue Mar 29 2022 Rich Megginson - 1.16.2-1 +- timesync - timesync: basic-smoke test failure in 
timesync/tests_ntp.yml + Resolves: rhbz#2060379 (8.7.0) + +- tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default + Resolves: rhbz#2072749 (8.7.0) + +* Thu Apr 07 2022 Rich Megginson - 1.16.3-1 +- tlog - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default + Resolves rhbz#2072749 (EL8) + Resolves rhbz#2071804 (EL9) + +* Wed Apr 06 2022 Sergei Petrosian - 1.16.2-2 +- Update community.general + +* Thu Mar 31 2022 Rich Megginson - 1.16.2-1 +- nbde_client - NBDE client system role does not support servers with static IP addresses + previous fix did not handle some other cases + Resolves rhbz#1985022 (EL8) + Resolves rhbz#2031555 (EL9) + +* Tue Mar 29 2022 Rich Megginson - 1.16.1-1 - nbde_client - NBDE client system role does not support servers with static IP addresses previous fix did not handle some cases Resolves rhbz#1985022 (EL8) Resolves rhbz#2031555 (EL9) -* Fri Mar 18 2022 Rich Megginson - 1.16.1-1 +* Tue Mar 22 2022 Sergei Petrosian - 1.16.0-2 +- Update community.general + +* Tue Mar 15 2022 Rich Megginson - 1.16.0-1 - network - pytest failed when running with nm providers in the rhel-8.5 beaker machine Resolves rhbz#2064396 (EL8) Resolves rhbz#2064401 (EL9) @@ -750,15 +943,6 @@ fi - network - consistently use ansible_managed in configuration files managed by role Resolves rhbz#2057656 (EL8) Resolves rhbz#2057657 (EL9) - -* Thu Mar 17 2022 Rich Megginson - 1.16.0-3 -- remove unneeded metrics patch due to rebase - -* Thu Mar 17 2022 Rich Megginson - 1.16.0-2 -- remove unneeded metrics patch due to rebase -- fix bogus date in changelog - -* Tue Mar 15 2022 Rich Megginson - 1.16.0-1 - metrics - consistently use ansible_managed in configuration files managed by role Resolves rhbz#2057645 (EL8) Resolves rhbz#2057647 (EL9) 
@@ -783,7 +967,7 @@ fi Resolves rhbz#2058655 (EL8) Resolves rhbz#2058777 (EL9) -* Tue Feb 22 2022 Rich Megginson - 1.15.0-1 +* Thu Feb 24 2022 Rich Megginson - 1.15.0-1 - firewall - ensure target changes take effect immediately Resolves rhbz#2057172 (EL8) Resolves rhbz#2057164 (EL9)