Update 1.23.0-1
- Resolves: RHEL-5345 spec - Remove with_html, instead use built-in .README.html - Resolves: RHEL-5985 ansible-sshd - Manage SSH certificates - rhbz#2224648: Remove ad_integration patch and use the latest ad_integration version instead. Vendor community-general.ini_files for - RHEL-1119: ad_integration: Support for dynamic DNS Updates - Change link to open new issue in galaxy.yml from deprecated BZ to Jira
This commit is contained in:
parent
44302dfdc5
commit
2f1534c8c5
29
.gitignore
vendored
29
.gitignore
vendored
@ -208,3 +208,32 @@ SOURCES/vpn-1.5.3.tar.gz
|
||||
/kdump-1.3.6.tar.gz
|
||||
/storage-1.12.3.tar.gz
|
||||
/firewall-1.6.3.tar.gz
|
||||
/ad_integration-1.2.2.tar.gz
|
||||
/ansible-sshd-v0.21.0.tar.gz
|
||||
/auto-maintenance-eadd06cfa98d244b096cff24cd11b668428b1613.tar.gz
|
||||
/certificate-1.2.2.tar.gz
|
||||
/cockpit-1.4.8.tar.gz
|
||||
/crypto_policies-1.2.12.tar.gz
|
||||
/firewall-1.6.4.tar.gz
|
||||
/ha_cluster-1.10.1.tar.gz
|
||||
/journald-1.0.6.tar.gz
|
||||
/kdump-1.3.8.tar.gz
|
||||
/kernel_settings-1.1.18.tar.gz
|
||||
/keylime_server-1.0.1.tar.gz
|
||||
/metrics-1.8.7.tar.gz
|
||||
/nbde_client-1.2.15.tar.gz
|
||||
/nbde_server-1.3.9.tar.gz
|
||||
/network-1.13.2.tar.gz
|
||||
/podman-1.3.3.tar.gz
|
||||
/postfix-1.3.9.tar.gz
|
||||
/postgresql-1.1.1.tar.gz
|
||||
/rhc-1.2.5.tar.gz
|
||||
/selinux-1.6.3.tar.gz
|
||||
/ssh-1.2.2.tar.gz
|
||||
/storage-1.12.4.tar.gz
|
||||
/systemd-1.0.2.tar.gz
|
||||
/timesync-1.7.7.tar.gz
|
||||
/tlog-1.2.17.tar.gz
|
||||
/vpn-1.5.9.tar.gz
|
||||
/community-general-7.4.0.tar.gz
|
||||
/logging-1.11.10.tar.gz
|
||||
|
@ -1,127 +0,0 @@
|
||||
From 1931ebccaa146bd6ee8365c664ab62d294adaa31 Mon Sep 17 00:00:00 2001
|
||||
From: Rich Megginson <rmeggins@redhat.com>
|
||||
Date: Fri, 18 Aug 2023 12:35:44 -0600
|
||||
Subject: [PATCH] fix: use command stdin for password, and do not log password
|
||||
|
||||
Cause: The code was constructing the realm join command to be passed
|
||||
via the shell module, including piping the password into the command,
|
||||
and was showing the command, including the password, when using
|
||||
check mode.
|
||||
|
||||
Consequence: The clear text password was available in the logs when
|
||||
using check mode.
|
||||
|
||||
Fix: Use command with stdin for the password instead of shell. The
|
||||
password is not part of the command. command with stdin is more
|
||||
secure than using shell. The debug output has been changed to
|
||||
show the command with the `ad_integration_join_parameters` removed,
|
||||
because we cannot know if those parameters contain data which should
|
||||
not be logged. Those parameters will still be passed to the actual
|
||||
realm join command.
|
||||
|
||||
Result: The password is not logged. The role is more secure.
|
||||
|
||||
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
|
||||
---
|
||||
tasks/main.yml | 57 ++++++++++++++++++++++++++++----------------------
|
||||
1 file changed, 32 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/tasks/main.yml b/tasks/main.yml
|
||||
index fe2602e..265c6fe 100644
|
||||
--- a/tasks/main.yml
|
||||
+++ b/tasks/main.yml
|
||||
@@ -3,8 +3,7 @@
|
||||
- name: Ensure that mandatory variable ad_integration_realm is available
|
||||
fail:
|
||||
msg: Variable ad_integration_realm must be provided!
|
||||
- when:
|
||||
- - not ad_integration_realm
|
||||
+ when: not ad_integration_realm
|
||||
|
||||
- name: Assume managing timesync if timesource is set
|
||||
set_fact:
|
||||
@@ -26,8 +25,7 @@
|
||||
- name: Assume managing crypto policies if allow_rc4_crypto is set
|
||||
set_fact:
|
||||
ad_integration_manage_crypto_policies: true
|
||||
- when:
|
||||
- - ad_integration_allow_rc4_crypto | bool
|
||||
+ when: ad_integration_allow_rc4_crypto | bool
|
||||
|
||||
- name: Ensure manage_crypt_policies is set with crypto_allow_rc4
|
||||
fail:
|
||||
@@ -141,41 +139,50 @@
|
||||
|
||||
- name: Build Command - Join to a specific Domain Controller
|
||||
set_fact:
|
||||
- __ad_integration_join_command: |
|
||||
- set -euo pipefail
|
||||
- echo {{ ad_integration_password | quote }} | realm join -U \
|
||||
- {{ ad_integration_user | quote }} --membership-software \
|
||||
- {{ ad_integration_membership_software | quote }} \
|
||||
- {{ ad_integration_join_parameters }} \
|
||||
- {{ ad_integration_join_to_dc | quote }}
|
||||
+ __ad_integration_join_command: >-
|
||||
+ realm join -U {{ ad_integration_user | quote }} --membership-software
|
||||
+ {{ ad_integration_membership_software | quote }}
|
||||
+ {{ ad_integration_join_parameters }}
|
||||
+ {{ ad_integration_join_to_dc | quote }}
|
||||
+ __ad_integration_debug_command: >-
|
||||
+ realm join -U {{ ad_integration_user | quote }} --membership-software
|
||||
+ {{ ad_integration_membership_software | quote }}
|
||||
+ {{ ad_integration_join_to_dc | quote }}
|
||||
no_log: true
|
||||
- when:
|
||||
- - ad_integration_join_to_dc is not none
|
||||
+ when: ad_integration_join_to_dc is not none
|
||||
|
||||
- name: Build Join Command - Perform discovery-based realm join operation
|
||||
set_fact:
|
||||
- __ad_integration_join_command: |
|
||||
- set -euo pipefail
|
||||
- echo {{ ad_integration_password | quote }} | realm join -U \
|
||||
- {{ ad_integration_user | quote }} --membership-software \
|
||||
- {{ ad_integration_membership_software | quote }} \
|
||||
- {{ ad_integration_join_parameters }} \
|
||||
- {{ ad_integration_realm | quote }}
|
||||
+ __ad_integration_join_command: >-
|
||||
+ realm join -U {{ ad_integration_user | quote }} --membership-software
|
||||
+ {{ ad_integration_membership_software | quote }}
|
||||
+ {{ ad_integration_join_parameters }}
|
||||
+ {{ ad_integration_realm | quote }}
|
||||
+ __ad_integration_debug_command: >-
|
||||
+ realm join -U {{ ad_integration_user | quote }} --membership-software
|
||||
+ {{ ad_integration_membership_software | quote }}
|
||||
+ {{ ad_integration_realm | quote }}
|
||||
no_log: true
|
||||
- when:
|
||||
- - ad_integration_join_to_dc is none
|
||||
+ when: ad_integration_join_to_dc is none
|
||||
|
||||
- name: Show the join command for debug
|
||||
debug:
|
||||
- msg: "Would run: '{{ __ad_integration_join_command }}'"
|
||||
+ msg:
|
||||
+ - >-
|
||||
+ Would run the following command. Note that
|
||||
+ ad_integration_join_parameters have been removed for security purposes,
|
||||
+ the role will pass them to the actual realm join command when running
|
||||
+ without check mode.
|
||||
+ - "{{ __ad_integration_debug_command }}"
|
||||
when:
|
||||
- ad_integration_join_to_dc == __ad_integration_sample_dc
|
||||
or ad_integration_realm == __ad_integration_sample_realm
|
||||
or ansible_check_mode
|
||||
|
||||
- name: Run realm join command
|
||||
- # noqa command-instead-of-shell
|
||||
- shell: "{{ __ad_integration_join_command }}"
|
||||
+ command: "{{ __ad_integration_join_command }}"
|
||||
+ args:
|
||||
+ stdin: "{{ ad_integration_password }}"
|
||||
no_log: true
|
||||
when:
|
||||
- ad_integration_join_to_dc != __ad_integration_sample_dc
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,9 +1,9 @@
|
||||
Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
|
||||
Source901: https://galaxy.ansible.com/download/community-general-7.3.0.tar.gz
|
||||
Source901: https://galaxy.ansible.com/download/community-general-7.4.0.tar.gz
|
||||
Source902: https://galaxy.ansible.com/download/containers-podman-1.10.3.tar.gz
|
||||
|
||||
Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
|
||||
Provides: bundled(ansible-collection(community.general)) = 7.3.0
|
||||
Provides: bundled(ansible-collection(community.general)) = 7.4.0
|
||||
Provides: bundled(ansible-collection(containers.podman)) = 1.10.3
|
||||
|
||||
Source996: CHANGELOG.rst
|
||||
|
@ -11,14 +11,6 @@ BuildRequires: ansible-core >= 2.11.0
|
||||
|
||||
%bcond_with collection_artifact
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
||||
%bcond_without html
|
||||
%else
|
||||
# pandoc is not supported in rhel 7 and older,
|
||||
# which is needed for converting .md to .html.
|
||||
%bcond_with html
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel}
|
||||
Name: rhel-system-roles
|
||||
%else
|
||||
@ -26,7 +18,7 @@ Name: linux-system-roles
|
||||
%endif
|
||||
Url: https://github.com/linux-system-roles
|
||||
Summary: Set of interfaces for unified system management
|
||||
Version: 1.22.0
|
||||
Version: 1.23.0
|
||||
Release: 1%{?dist}
|
||||
|
||||
License: GPLv3+ and MIT and BSD and Python
|
||||
@ -86,92 +78,92 @@ Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0)
|
||||
%%global rolestodir %%{?rolestodir} %%{roletodir%{1}}
|
||||
}
|
||||
|
||||
%global mainid e010c878833e363195dd707d1334ff48a254b092
|
||||
%global mainid eadd06cfa98d244b096cff24cd11b668428b1613
|
||||
Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
|
||||
|
||||
# BEGIN AUTOGENERATED SOURCES
|
||||
%global rolename1 postfix
|
||||
%deftag 1 1.3.8
|
||||
%deftag 1 1.3.9
|
||||
|
||||
%global rolename2 selinux
|
||||
%deftag 2 1.6.1
|
||||
%deftag 2 1.6.3
|
||||
|
||||
%global rolename3 timesync
|
||||
%deftag 3 1.7.6
|
||||
%deftag 3 1.7.7
|
||||
|
||||
%global rolename4 kdump
|
||||
%deftag 4 1.3.6
|
||||
%deftag 4 1.3.8
|
||||
|
||||
%global rolename5 network
|
||||
%deftag 5 1.13.1
|
||||
%deftag 5 1.13.2
|
||||
|
||||
%global rolename6 storage
|
||||
%deftag 6 1.12.3
|
||||
%deftag 6 1.12.4
|
||||
|
||||
%global rolename7 metrics
|
||||
%deftag 7 1.8.6
|
||||
%deftag 7 1.8.7
|
||||
|
||||
%global rolename8 tlog
|
||||
%deftag 8 1.2.16
|
||||
%deftag 8 1.2.17
|
||||
|
||||
%global rolename9 kernel_settings
|
||||
%deftag 9 1.1.17
|
||||
%deftag 9 1.1.18
|
||||
|
||||
%global rolename10 logging
|
||||
%deftag 10 1.11.9
|
||||
%deftag 10 1.11.10
|
||||
|
||||
%global rolename11 nbde_server
|
||||
%deftag 11 1.3.8
|
||||
%deftag 11 1.3.9
|
||||
|
||||
%global rolename12 nbde_client
|
||||
%deftag 12 1.2.14
|
||||
%deftag 12 1.2.15
|
||||
|
||||
%global rolename13 certificate
|
||||
%deftag 13 1.2.1
|
||||
%deftag 13 1.2.2
|
||||
|
||||
%global rolename14 crypto_policies
|
||||
%deftag 14 1.2.11
|
||||
%deftag 14 1.2.12
|
||||
|
||||
%global forgeorg15 https://github.com/willshersystems
|
||||
%global repo15 ansible-sshd
|
||||
%global rolename15 sshd
|
||||
%deftag 15 v0.19.0
|
||||
%deftag 15 v0.21.0
|
||||
|
||||
%global rolename16 ssh
|
||||
%deftag 16 1.2.1
|
||||
%deftag 16 1.2.2
|
||||
|
||||
%global rolename17 ha_cluster
|
||||
%deftag 17 1.10.0
|
||||
%deftag 17 1.10.1
|
||||
|
||||
%global rolename18 vpn
|
||||
%deftag 18 1.5.8
|
||||
%deftag 18 1.5.9
|
||||
|
||||
%global rolename19 firewall
|
||||
%deftag 19 1.6.3
|
||||
%deftag 19 1.6.4
|
||||
|
||||
%global rolename20 cockpit
|
||||
%deftag 20 1.4.7
|
||||
%deftag 20 1.4.8
|
||||
|
||||
%global rolename21 podman
|
||||
%deftag 21 1.3.2
|
||||
%deftag 21 1.3.3
|
||||
|
||||
%global rolename22 ad_integration
|
||||
%deftag 22 1.1.3
|
||||
%deftag 22 1.2.2
|
||||
|
||||
%global rolename23 rhc
|
||||
%deftag 23 1.2.4
|
||||
%deftag 23 1.2.5
|
||||
|
||||
%global rolename24 journald
|
||||
%deftag 24 1.0.5
|
||||
%deftag 24 1.0.6
|
||||
|
||||
%global rolename25 postgresql
|
||||
%deftag 25 1.1.0
|
||||
%deftag 25 1.1.1
|
||||
|
||||
%global rolename26 systemd
|
||||
%deftag 26 1.0.1
|
||||
%deftag 26 1.0.2
|
||||
|
||||
%global rolename27 keylime_server
|
||||
%deftag 27 1.0.0
|
||||
%deftag 27 1.0.1
|
||||
|
||||
Source1: %{archiveurl1}
|
||||
Source2: %{archiveurl2}
|
||||
@ -217,21 +209,8 @@ Source1004: vendoring-build.inc
|
||||
|
||||
Source995: CHANGELOG.md
|
||||
|
||||
Patch2201: 0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
%if %{with html}
|
||||
# Requirements for md2html.sh to build the documentation
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 9
|
||||
BuildRequires: rubygem-kramdown-parser-gfm
|
||||
%else
|
||||
BuildRequires: pandoc
|
||||
BuildRequires: asciidoc
|
||||
BuildRequires: highlight
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# Requirements for galaxy_transform.py
|
||||
BuildRequires: python3
|
||||
BuildRequires: python%{python3_pkgversion}-ruamel-yaml
|
||||
@ -297,6 +276,8 @@ for rolename in %{rolenames}; do
|
||||
fi
|
||||
fi
|
||||
mv "$dir_from_archive" ${rolename}
|
||||
# Move a hidden .README.html to a not hidden README.html
|
||||
mv $rolename/.README.html $rolename/README.html
|
||||
done
|
||||
|
||||
%if 0%{?rhel}
|
||||
@ -314,7 +295,7 @@ find -P tests examples -name \*.yml | while read file; do
|
||||
-e "s/ansible-sshd/linux-system-roles.sshd/" \
|
||||
-e "s/ willshersystems.sshd/ linux-system-roles.sshd/" "$file"
|
||||
done
|
||||
sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md
|
||||
sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md README.html
|
||||
sed -r -i -e 's/min_ansible_version: 2.8/min_ansible_version: "2.9"/' meta/main.yml
|
||||
cd ..
|
||||
|
||||
@ -331,10 +312,6 @@ if [ "$rolesdir" != "$realrolesdir" ]; then
|
||||
fi
|
||||
cd ..
|
||||
|
||||
cd %{rolename22}
|
||||
%patch2201 -p1
|
||||
cd ..
|
||||
|
||||
# vendoring build steps, if any
|
||||
%include %{SOURCE1004}
|
||||
|
||||
@ -369,29 +346,43 @@ find -type f -executable -name '*.py' -exec \
|
||||
# remove upstream-only documentation - for example, documentation
|
||||
# about collection dependencies is not needed in Fedora and EL RPMs
|
||||
# since the dependencies are already provided
|
||||
sed -e '/^## Requirements/,/^#/s/^See below$/None/' \
|
||||
-e '/^### Collection requirements/,/^#/ {/^### Collection/d;/^#/!d}' \
|
||||
sed -e '/# Requirements/,/^#/s/^See below$/None/' \
|
||||
-e '/# Collection requirements/,/^#/ {/# Collection requirements/d;/^#/!d}' \
|
||||
-i */README.md
|
||||
sed -e '/id="requirements">Requirements<\/h/,/^<h/s/See below/None/' \
|
||||
-e '/id="collection-requirements">/,/^<h/ {/id="collection-requirements">/d;/^<h/!d}' \
|
||||
-i */README.html
|
||||
|
||||
for role in %{rolenames}; do
|
||||
# awk: Remove collection-requirements from README.html TOC
|
||||
# 1. If match found, add the line and -2,+1 lines' line number in an array "d".
|
||||
# 2. Save all lines in an array with line number as index
|
||||
# 3. Print only those index not in array "d"
|
||||
awk '/id="toc-collection-requirements">/{for(x=NR-2;x<=NR+1;x++)d[x];} \
|
||||
{a[NR]=$0} \
|
||||
END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \
|
||||
$role/README.html > $role/README.html.tmp
|
||||
mv $role/README.html.tmp $role/README.html
|
||||
done
|
||||
|
||||
# sshd README is not in the same format
|
||||
sed -e '/^### Optional requirements/,/^Role variables/ {/^### Optional/d;/^Role variables/!d}' \
|
||||
sed -e '/# Optional requirements/,/# Role variables/ {/# Optional/d;/# Role variables/!d}' \
|
||||
-i sshd/README.md
|
||||
sed -e '/id="optional-requirements">/,/^<h/ {/id="optional-requirements">/d;/^<h/!d}' \
|
||||
-i sshd/README.html
|
||||
# Remove optional-requirements from README.html TOC
|
||||
awk '/id="toc-optional-requirements">/{for(x=NR-2;x<=NR+1;x++)d[x];} \
|
||||
{a[NR]=$0} \
|
||||
END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \
|
||||
sshd/README.html > sshd/README.html.tml
|
||||
mv sshd/README.html.tml sshd/README.html
|
||||
|
||||
|
||||
%if %{with html}
|
||||
# HACK HACK HACK
|
||||
# pandoc/asciidoc on rhel 8.9 does not like the journald README badge links
|
||||
# remove all of the badge links from all README.md files
|
||||
# in the first 14 lines of the file, remove any line that looks like a
|
||||
# github action badge
|
||||
# HACK HACK HACK
|
||||
readmes=""
|
||||
matchstr="actions/workflows/"
|
||||
for role in %{rolenames}; do
|
||||
# in the first 14 lines of README.md, remove any line that looks like a
|
||||
# github action badge. README.html doesn't have these lines.
|
||||
sed -e "1,14 {\\,${matchstr},d; /\!\[/d}" -i $role/README.md
|
||||
readmes="${readmes} $role/README.md"
|
||||
done
|
||||
sh md2html.sh $readmes
|
||||
%endif
|
||||
|
||||
mkdir .collections
|
||||
%if 0%{?rhel}
|
||||
@ -402,7 +393,7 @@ mkdir .collections
|
||||
"https://linux-system-roles.github.io" \
|
||||
"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/administration_and_configuration_tasks_using_system_roles_in_rhel" \
|
||||
"https://access.redhat.com/articles/3050101" \
|
||||
"https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&component=rhel-system-roles" \
|
||||
"https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&summary=Your%20request%20summary&issuetype=1&priority=10200&labels=Partner-Feature-Request&components=12380283" \
|
||||
> galaxy.yml.tmp
|
||||
# we vendor-in all of the dependencies on rhel, so remove them
|
||||
rm -f lsr_role2collection/collection_requirements.txt
|
||||
@ -434,13 +425,6 @@ LANG=C.utf-8 LC_ALL=C.utf-8 %{python3} release_collection.py --galaxy-yml galaxy
|
||||
--src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \
|
||||
--src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug
|
||||
|
||||
# Remove table of contents from logging README.md
|
||||
# It is not needed for html and AH/Galaxy
|
||||
sed -i -e 's/^\(## Table of Contents\)/## Background\n\1/' \
|
||||
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md
|
||||
sed -i -e '/^## Table of Contents/,/^## Background/d' \
|
||||
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md
|
||||
|
||||
# Remove internal links from readme files
|
||||
# They are not rendered properly on AH.
|
||||
for role in %{rolenames}; do
|
||||
@ -489,10 +473,8 @@ for role in %{rolenames}; do
|
||||
"%{buildroot}%{_pkgdocdir}/$role"
|
||||
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \
|
||||
"%{buildroot}%{_pkgdocdir}/$role"
|
||||
%if %{with html}
|
||||
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \
|
||||
"%{buildroot}%{_pkgdocdir}/$role"
|
||||
%endif
|
||||
if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then
|
||||
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \
|
||||
"%{buildroot}%{_pkglicensedir}/$role.COPYING"
|
||||
@ -551,7 +533,7 @@ ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \
|
||||
%{buildroot}%{_pkgdocdir}/collection
|
||||
|
||||
for rolename in %{rolenames}; do
|
||||
for file in CHANGELOG.md README.md; do
|
||||
for file in CHANGELOG.md README.md README.html; do
|
||||
if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then
|
||||
if [ ! -d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then
|
||||
mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename}
|
||||
@ -562,15 +544,6 @@ for rolename in %{rolenames}; do
|
||||
done
|
||||
done
|
||||
|
||||
%if %{with html}
|
||||
# converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection
|
||||
readmes="%{buildroot}%{_pkgdocdir}/collection/README.md"
|
||||
for role in %{rolenames}; do
|
||||
readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md"
|
||||
done
|
||||
sh md2html.sh $readmes
|
||||
%endif
|
||||
|
||||
%if %{with collection_artifact}
|
||||
# Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact
|
||||
pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
|
||||
@ -672,6 +645,14 @@ find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Sep 20 2023 Sergei Petrosian <spetrosi@redhat.com> - 1.23.0-1
|
||||
- Resolves: RHEL-5345 spec - Remove with_html, instead use built-in .README.html
|
||||
- Resolves: RHEL-5985 ansible-sshd - Manage SSH certificates
|
||||
- rhbz#2224648: Remove ad_integration patch and use the latest ad_integration
|
||||
version instead. Vendor community-general.ini_files for
|
||||
- RHEL-1119: ad_integration: Support for dynamic DNS Updates
|
||||
- Change link to open new issue in galaxy.yml from deprecated BZ to Jira
|
||||
|
||||
* Tue Aug 15 2023 Rich Megginson <rmeggins@redhat.com> - 1.22.0-1
|
||||
- Resolves:rhbz#2233183 : ad_integration - red hat "rhel system role" ad_integration leaks credentials when in check_mode
|
||||
- Resolves:rhbz#2232391 : kdump - role: "Write new authorized_keys if needed" task idempotency issues
|
||||
|
58
sources
58
sources
@ -1,31 +1,31 @@
|
||||
SHA512 (ad_integration-1.1.3.tar.gz) = 271465fc159fe716167eca40c1a9ce002201fb823e0b17c10e6b6ddc80fb87fa8b6d25b7691fc9a3652924b93c99a4269b74d61cb670834be6301e434c97f4ec
|
||||
SHA512 (ad_integration-1.2.2.tar.gz) = 09ff168403363d2196c6bb1987201017300a6258c11ebcef31572083059f10384302e4b903473ce5483f4eb4ba0251f315d4e675d3d900be326a4ec5d1c689e4
|
||||
SHA512 (ansible-posix-1.5.4.tar.gz) = 63321c2b439bb2c707c5bea2fba61eaefecb0ce1c832c4cfc8ee8bb89448c8af10e447bf580e8ae6d325c0b5891b609683ff2ba46b78040e2c4d3d8b6bdcd724
|
||||
SHA512 (ansible-sshd-v0.19.0.tar.gz) = 06103696ee1810a8cdbb7f26e0542e85e53c6b758dbc9d87e47a3fd024c8c7fb77b54934e227b0ece4712483d89d52b1e94b1ee5cb667e420261928e8e994b53
|
||||
SHA512 (auto-maintenance-e010c878833e363195dd707d1334ff48a254b092.tar.gz) = 01c4fbf9762d789f94dfea3f30a4bae5c7a8e37f551bd84efdd281bc7b84250aa45c6e9c6f4bfd0e41bce34ef2643e47718f6fd2b6ffade286758b1d625182fd
|
||||
SHA512 (certificate-1.2.1.tar.gz) = 7ca0dd56de62ffcfeb3d2d438f125f5bc04009357085053f2ab2fc281fd4fa659a9d77bf7aa37264c980f057db501e64cd6c72cd7545096850053e8b0a6c75f9
|
||||
SHA512 (cockpit-1.4.7.tar.gz) = 4241a400e26abfdc188d016dc367a62cb51979bcaa41f579714e9b01d2a84548ba06f24f011936248bfe18e05c706a70e5e1367307d306f4c65fdcd9a6a83fa6
|
||||
SHA512 (community-general-7.3.0.tar.gz) = 8f7b6d31b3b6c9c5534f984ec9c7954ab3e7c0c5cbe78bf4e9178398bba1aa8371773a83fcdf37abf4cb6df3c3ebda88c29f20aa506fd27d4b428150fc107bf5
|
||||
SHA512 (ansible-sshd-v0.21.0.tar.gz) = 38230da8389f3edbbe3c146756cf4697ede181f6cbed02cc215b35efeec948ef42c241fb02c8d5eece3dc1b6eec21a8ea4666d8ec8dab36885b2bdd0d368bba8
|
||||
SHA512 (auto-maintenance-eadd06cfa98d244b096cff24cd11b668428b1613.tar.gz) = 0e5e45f8d7a05a4fee7916edb5628cdb105bab9f7770bb752fd229d13ea0d586b2938d8de5d60c14b2ff9d28d5f1bca7201b6197abf2af1e223404f0a8742068
|
||||
SHA512 (certificate-1.2.2.tar.gz) = cea7ef52def7d5f12360cb12cc41341eebeff52639a1bf56c6d46d72598f7944d743abba05e23fab241a144cd4ea605d45ad1b60bb5ce9e6dc2c52cf557cf476
|
||||
SHA512 (cockpit-1.4.8.tar.gz) = 266d03d517d4e0d4eee9b39af5f4bfc0f921f5faeb7f6dd757e8a440df60b355d67a84c7cc3fe50827b8c37e6cfd5780435b35daef5b7894ccd5e22c4408de6c
|
||||
SHA512 (community-general-7.4.0.tar.gz) = 68e51cdc8cabf05db2b46cf4ee2a373cfc2588fda1475655f9319a8f1f270a69ffa380656a6924fd9f6e10af4bdb9c988232931b7a744c47277ebc17c1b19498
|
||||
SHA512 (containers-podman-1.10.3.tar.gz) = 5234d12ab5a870bc08553e5a51d06f75dfa73f22764378ffb2053b55cb306fc7ec1f24d399f414cac8213de4c34211c33d947c02d823da6ef2ee31bdbb7c1fad
|
||||
SHA512 (crypto_policies-1.2.11.tar.gz) = b3bac1bf3b960b44f437ed2a42d2208406956166c18a1d0e711c44b75997ec26dd6628e0257b72ba1e540e62ac88d968287a47b0750b42961a90fa508febf1e3
|
||||
SHA512 (firewall-1.6.3.tar.gz) = 0e08a4494cd9c346d3bb1aace78deeb7868b3e121247d5baa024109b5f880a5aa7ed55a41d005b5a8252e9a92e0046a361e856138734741397c230998122fb5c
|
||||
SHA512 (ha_cluster-1.10.0.tar.gz) = 961145301b607def32352bd79f46f31d33866d3c3f588649135cab061966f65157a9fe3923881a294e80b87d6671697446a6074da4cf1b8645af11affc89500d
|
||||
SHA512 (journald-1.0.5.tar.gz) = 905d7b354f411f6b053e3ee6ada6771da8f5d310df5ef9c8eff5e88e6c31d968275cec1155bf8bbeeafa5c6436eb859f4d1dfdaefe097aa4feaea015559213cf
|
||||
SHA512 (kdump-1.3.6.tar.gz) = 196d49bde461e0325adeaa1c9dda41c567974e3e79e9134f7f7f185832b834ce2bcdbcc3bb2558afa0717c07c2fe56ea36377596c2f79c0436e06bb4fd8607eb
|
||||
SHA512 (kernel_settings-1.1.17.tar.gz) = 1d5fcb9d369a06409c718b84d052d123412c90d81ff29124f6ad0eaa31616b95fdda5b5a5e838acade9553f8c8a6ea1d1a33c4a6bf4cd334980b45c7ffbaa46b
|
||||
SHA512 (keylime_server-1.0.0.tar.gz) = 0366331302ad198da675abbb700ffe81c15b364357d834b89ab383b945fa57301ede1a48efa6ffb766c7f3b0b5165fd5c7961642d4826749dd079d71cf1c70a1
|
||||
SHA512 (logging-1.11.9.tar.gz) = ed06e51b86a7b23ed469afdb35e7f314812faa7e7e5a53022e5008d9d1a309ff3bfbdd61fdeb25d44ff8093bc31e2d786de0db00f265a39c2ccf99832104f1ce
|
||||
SHA512 (metrics-1.8.6.tar.gz) = a1eea695a4c151004d614335e40cde58598af5bba6b4040336307bc24638b1fce0663076b78a1b7993f61a0554e09c88487bf317ab32530505cc5b3e70eafb98
|
||||
SHA512 (nbde_client-1.2.14.tar.gz) = eef8b6e55adddc6b2aabfaa1fd210a55a67c8b9e9fdb74a6fd91779525565460a727b71550ecd8c432636bde89ae90d3d27c85a1665ccbe85f1d222284d12f99
|
||||
SHA512 (nbde_server-1.3.8.tar.gz) = a3267b1fc50f79cad49a77a3214abbff698929021d55a31d7a00a698d0b0dfb01eb72adf0187879df92b8213ab7805057e586eaeb480d1be3caf97b1307f4a0d
|
||||
SHA512 (network-1.13.1.tar.gz) = edc4ada1f54b8487144b87d2adbd145641f1c28a96bc41dcf242835e8ab4841a6025190f818fe0d2747a630c7d9cf1e202039baf90672bdc74c3ca2ab81ee688
|
||||
SHA512 (podman-1.3.2.tar.gz) = 74172656558306d8e1e03f9ee5c5ccebf6057f05dec0d9f8c79b66b156d2f1a89175b161ba740437f9bb4eb11b672580da588e7347d8d309e6503a81cc0d88ef
|
||||
SHA512 (postfix-1.3.8.tar.gz) = 95afd83bf883a820fe90264d2a6276336b1f5d49a9214cbbd9304e4ce3c05a990ee88f13552020fb37382c9ea26b851216dd5d59ed819fe118aa79d06f993a21
|
||||
SHA512 (postgresql-1.1.0.tar.gz) = fcc324a9ca431c441a911443db573a952e6f41e121c1a1f7f1090d22e80970ef346c291c54155df4131cc3535367b0d17b6a0990f0ad1d1b8ea3a7ebe054663d
|
||||
SHA512 (rhc-1.2.4.tar.gz) = e1b3599b0bb545144c4192e6264bde807db03f5dd7309f627624a79f7dedd427e55fc9579440f648f1561dbd6192ffa2659538761bb7e9956e77c0de727ecd4b
|
||||
SHA512 (selinux-1.6.1.tar.gz) = 05a8f341860cff7b20b1914401559a40ae1e2a84cb14e8e3ddb9a293940000053cf9c0f31a7b6f3c2b6964f6e60f9e1acd35741667eb0daa3a9d73bf33053d89
|
||||
SHA512 (ssh-1.2.1.tar.gz) = 6a83c1d730ca5003e025c90de9843362201d7b09b32646d32620c46edaf79c0fa2e431534ed31a5c4f661f6f499df725953e9dd532444a430bdf3db51b1b275e
|
||||
SHA512 (storage-1.12.3.tar.gz) = 54c06ca657e3c24565103e6f13c31cd8bcd51e63073d41ea57430bcca6d88411afb92166fb129adc77395c1599e9b0c11620445d7cb6fda85dcae94be3af2170
|
||||
SHA512 (systemd-1.0.1.tar.gz) = da7f765d7b3ced84dee4dbb888bfa492ac535a52fe589fc0a91d7840374a6fa6702f5f64b3b2dd96f5c6b8c5e5ba513de18ada6b9e551c64a80f273146667c6a
|
||||
SHA512 (timesync-1.7.6.tar.gz) = 20801e5bfa7ee97863d128a26f8a39e38cf8c5ce8140f73cecc5cce62e2ed71700c5d4c2c68d7cc366df9cddfc00a6d5311957fb42a1ef8fbaa75ca28e394d3c
|
||||
SHA512 (tlog-1.2.16.tar.gz) = 2c6ae40bfc90f839e7baa507687d04f3a83a2bcee01fe0de02f71820f8617f3e2bcb1257675bcf3aa3795f4fcc1b9efe74aa79d548502a79188be7659528d6bd
|
||||
SHA512 (vpn-1.5.8.tar.gz) = ae1055c7e219cf76bc277c7613f6735d4d7fb1d1c03da7f8a2fdacded9ca76ab65094688685e79beaa036d93c336248d4a2dcb994ea75a710ef529c2aafd33ec
|
||||
SHA512 (crypto_policies-1.2.12.tar.gz) = 01d290536616147ab07571dfbb597681d406bad7623cb370bfae53c4a5d234d7467eda1127cc89527771936eec571f019eeb73d1819c7951c7ef74f29b03238b
|
||||
SHA512 (firewall-1.6.4.tar.gz) = b8aa8182b35d51d2797d92538b13df9a94ea60864dc97e4736c0fbdb7134ac2b0f8f058b5cfe86b5725e77db94c1d72a582201de210fa69ba21d1a6dbf224f95
|
||||
SHA512 (ha_cluster-1.10.1.tar.gz) = b5d12aa0c495b209f4858699892b2fae8d57290b9d42cc567593164286d70b91147ce5aa6c727053b6ced28c9ef6bdaa97ac65a9bab042e9fe2f8c681f05f1ac
|
||||
SHA512 (journald-1.0.6.tar.gz) = 64cc62b9209a9447e03a14fe2782c72516ffbd35b36ff3a629eb65a4d48b18cd5d1a3511312300e18951531d41141d23c10fa1fcebdbd447877e415565c84bf8
|
||||
SHA512 (kdump-1.3.8.tar.gz) = f415cd3e95e2f803dc20f19c98bf3e09fa2e3e8e3bef681af30cbe7cade9e7efdedc5671feddb532d66306d69acea1605f5ca0cd0cd7119a9b6dade493adf3e8
|
||||
SHA512 (kernel_settings-1.1.18.tar.gz) = ee5917dbd2f186e43cebdb04d6b4553fa322d8e466f8874e9141f069317ecd15aa60003f898bb701dd056ccc96c1a4f94109e393d3915cbf282cd46f4365c4a7
|
||||
SHA512 (keylime_server-1.0.1.tar.gz) = d0cd3599dae71662f9ca926e5f52b27ff9f9530870e181a25bd0c9ef51772600b0c540d478154558278330527bf8dac46b436b52952aba4b536af61c50640b19
|
||||
SHA512 (logging-1.11.10.tar.gz) = d606ba04c91e22795c078c72651d34a84e4a9eecd3b83eedc745a3a062338b014731d5306eb3fce3abae8450d9ca78bd240b51c2d529160b3675966fd7ef2097
|
||||
SHA512 (metrics-1.8.7.tar.gz) = fa6fedb4f3d17ad8e24a4f878267653bb4e18f3c114245efd1b8cba2113d56471481ad1d67e5a106d9b648859fe2d3f1cc37d24aa718f846d54d73d397bfb15b
|
||||
SHA512 (nbde_client-1.2.15.tar.gz) = 6d3527018cf570f15fc35dc20e5cca9d1685e5a5213397387579e8a17172a766c90625da99ac744a38e75107b582c3106b772c6e7d2ecbab32ba7b3262781796
|
||||
SHA512 (nbde_server-1.3.9.tar.gz) = 3bf6fdd5a55acd6a46f8f03af793fdac8c33a5f509b992b97318b52e9a53f33987ee0f20b36da52fca97e4693118d098fd7af7c0ae01503633a563ad22021bd0
|
||||
SHA512 (network-1.13.2.tar.gz) = 55ea84a7ec0ff52f7f5855c5e1d8b8c1a5dc5878b118430b9dbde2edf50cf0e80660e71d687a47943369ef525625c4c41cade2d170623f526953c587caebc235
|
||||
SHA512 (podman-1.3.3.tar.gz) = 984bdc6b5972774965b8bfbbfa66fbe9c1d436b95c6b3c5cbcff9748f3d28d2b3e17bc014ffb5edcf13231ed25f5692fdad4af3bba88b7f7097542cf6bcf8566
|
||||
SHA512 (postfix-1.3.9.tar.gz) = 34ae431a8a73ee6eec35a50a8845c10ca5d2eec82d5181416a4c86838b22ad777ce2913540fb0c40ab7e899946bca09d950912a3453589505cda194ebcfdf3c5
|
||||
SHA512 (postgresql-1.1.1.tar.gz) = 988d6a673bee25a7438877890ceedcb28f0c9cc366934696cb38b170eff99571a1616c65c8d6f8e37ef09fcd5b9d05311a103f80741e33d6c18e3a408495032b
|
||||
SHA512 (rhc-1.2.5.tar.gz) = 5c7ab5c687078f69d35e852b7cb6f805e5daafae0c9333bac2a0a654fb848d3b8ce7b07a1115e6eeede02931d80c8b0de10206d48efacfc2bb9bec819c580c06
|
||||
SHA512 (selinux-1.6.3.tar.gz) = 110a736a5e91cd68bb5fd2e6a7ea35482f710b0d997187a2502b7b9f8f891569a19b48ecbadce403a4a8d208b1032aad9a800176e8442eac0b6d215a8e9802ee
|
||||
SHA512 (ssh-1.2.2.tar.gz) = 3eb83f66cefe0b696ad853feceae6b556bf195c41f18edb122353226e7eff187d2befd9a83a0b3483d7b545e291d2ce45c8e5655bf89764dc65de394a708a6a2
|
||||
SHA512 (storage-1.12.4.tar.gz) = 3dd2e2e5096c532ab351e4b2112739f31e78045c477098fa8835cb37542463dae7a90dc5e2160757002dbc8a2eaf8d2e66992c0c8a65f1ed55470bfc69a525c5
|
||||
SHA512 (systemd-1.0.2.tar.gz) = 83a0f52d0b271f80aabf298dfddc1782d68d96ba800f1cba86da68895f6d6ed5d0f2e3eb4a433ede496f88a92b8c8ddf1fb3ac2940329501255a420e993031d2
|
||||
SHA512 (timesync-1.7.7.tar.gz) = 9446bea552ce4c7c794671440b72c692b3c7326a0e1d606dc43f928e1b18fadbc6bffc63ceb93abf891e8833ed7e790a6efe66688dc41126bc95323560b078aa
|
||||
SHA512 (tlog-1.2.17.tar.gz) = 404cbe1909824af707342b9bc95f656742a02a18077953b4b45326cf9e033beb02165ffeb649a39a97c802b1756f49b3cdc502535da0c6bf3b747673f767609a
|
||||
SHA512 (vpn-1.5.9.tar.gz) = ac8ee6dab70f7a92d7314a7bca3903adb699281d86be6444d2864fea6cc18e8e74e00ff1d0a9df3a1ce7f287e1e2ff3546881b420c472f213a8c7c3b17d86992
|
||||
|
@ -28,31 +28,37 @@ done
|
||||
# community.general:
|
||||
# - library:
|
||||
# - Module seport, sefcontext and selogin for the selinux role rolename2
|
||||
# - Module ini_file for role tlog
|
||||
# - Module ini_file for role ad_integration, tlog
|
||||
# - rhc modules
|
||||
# - ha_cluster uses modprobe
|
||||
module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog"
|
||||
["redhat_subscription.py"]="rhc" ["rhsm_release.py"]="rhc" ["rhsm_repository.py"]="rhc"
|
||||
module_map=( ["seport.py"]="selinux"
|
||||
["sefcontext.py"]="selinux"
|
||||
["selogin.py"]="selinux"
|
||||
["ini_file.py"]="ad_integration tlog"
|
||||
["redhat_subscription.py"]="rhc"
|
||||
["rhsm_release.py"]="rhc"
|
||||
["rhsm_repository.py"]="rhc"
|
||||
["modprobe.py"]="ha_cluster" )
|
||||
for module in "${!module_map[@]}"; do
|
||||
role="${module_map[${module}]}"
|
||||
if [ ! -d $role/library ]; then
|
||||
mkdir $role/library
|
||||
fi
|
||||
# version 5.x seems to be broken?
|
||||
moduledir=.external/community/general/plugins/modules
|
||||
if [ ! -f $moduledir/$module ]; then
|
||||
moduledir=.external/community/general/plugins/modules/system
|
||||
fi
|
||||
if [ ! -f $moduledir/$module ]; then
|
||||
moduledir=.external/community/general/plugins/modules/files
|
||||
fi
|
||||
cp -pL $moduledir/$module $role/library/$module
|
||||
ls -alrtF $role/library/$module
|
||||
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
|
||||
for role in ${module_map[${module}]}; do
|
||||
if [ ! -d $role/library ]; then
|
||||
mkdir $role/library
|
||||
fi
|
||||
# version 5.x seems to be broken?
|
||||
moduledir=.external/community/general/plugins/modules
|
||||
if [ ! -f $moduledir/$module ]; then
|
||||
moduledir=.external/community/general/plugins/modules/system
|
||||
fi
|
||||
if [ ! -f $moduledir/$module ]; then
|
||||
moduledir=.external/community/general/plugins/modules/files
|
||||
fi
|
||||
cp -pL $moduledir/$module $role/library/$module
|
||||
ls -alrtF $role/library/$module
|
||||
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
|
||||
|
||||
# Remove doc_fragments
|
||||
sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module
|
||||
# Remove doc_fragments
|
||||
sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module
|
||||
done
|
||||
done
|
||||
|
||||
# containers.podman:
|
||||
|
Loading…
Reference in New Issue
Block a user