import rhel-system-roles-1.20.1-1.el9_1

2022-11-15 01:39:52 -05:00 · 2022-11-15 01:39:52 -05:00 · 5171bcc189
commit 5171bcc189
parent 9c094cac15
10 changed files with 1008 additions and 874 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,23 +1,23 @@
-SOURCES/ansible-posix-1.3.0.tar.gz
-SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
-SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
-SOURCES/certificate-1.1.3.tar.gz
-SOURCES/cockpit-1.2.1.tar.gz
-SOURCES/community-general-4.6.0.tar.gz
-SOURCES/crypto_policies-1.2.3.tar.gz
-SOURCES/firewall-1.1.0.tar.gz
-SOURCES/ha_cluster-1.4.1.tar.gz
-SOURCES/kdump-1.2.2.tar.gz
-SOURCES/kernel_settings-1.1.6.tar.gz
-SOURCES/logging-1.8.1.tar.gz
-SOURCES/metrics-1.5.1.tar.gz
-SOURCES/nbde_client-1.2.2.tar.gz
-SOURCES/nbde_server-1.1.2.tar.gz
-SOURCES/network-1.7.1.tar.gz
-SOURCES/postfix-1.2.0.tar.gz
-SOURCES/selinux-1.3.4.tar.gz
-SOURCES/ssh-1.1.4.tar.gz
-SOURCES/storage-1.7.0.tar.gz
-SOURCES/timesync-1.6.6.tar.gz
-SOURCES/tlog-1.2.6.tar.gz
-SOURCES/vpn-1.3.2.tar.gz
+SOURCES/ansible-posix-1.4.0.tar.gz
+SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz
+SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz
+SOURCES/certificate-1.1.6.tar.gz
+SOURCES/cockpit-1.3.0.tar.gz
+SOURCES/community-general-5.4.0.tar.gz
+SOURCES/crypto_policies-1.2.6.tar.gz
+SOURCES/firewall-1.4.0.tar.gz
+SOURCES/ha_cluster-1.7.4.tar.gz
+SOURCES/kdump-1.2.5.tar.gz
+SOURCES/kernel_settings-1.1.10.tar.gz
+SOURCES/logging-1.10.0.tar.gz
+SOURCES/metrics-1.7.3.tar.gz
+SOURCES/nbde_client-1.2.6.tar.gz
+SOURCES/nbde_server-1.1.5.tar.gz
+SOURCES/network-1.9.1.tar.gz
+SOURCES/postfix-1.2.4.tar.gz
+SOURCES/selinux-1.4.0.tar.gz
+SOURCES/ssh-1.1.9.tar.gz
+SOURCES/storage-1.9.1.tar.gz
+SOURCES/timesync-1.6.9.tar.gz
+SOURCES/tlog-1.2.9.tar.gz
+SOURCES/vpn-1.3.5.tar.gz
--- a/.rhel-system-roles.metadata
+++ b/.rhel-system-roles.metadata
@ -1,23 +1,23 @@
-d2d2382c38eaf34d2295aba2aa4652d75ebbaeef SOURCES/ansible-posix-1.3.0.tar.gz
-a4d4556cf6628e87fa62dec6c46099338b499930 SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
-a2ec14498a7fd213f08dd24ca139039c958b07fd SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
-cee41b5fd6359e9ddeb83c5af7b8057fef6b2334 SOURCES/certificate-1.1.3.tar.gz
-004064268df0e7dd154331b7799272d3277388d4 SOURCES/cockpit-1.2.1.tar.gz
-ad8684050c86bad7ce4882a84e14be6867a56d8d SOURCES/community-general-4.6.0.tar.gz
-0684c1335923ba8ebbb05afbd507e5ff31f874d6 SOURCES/crypto_policies-1.2.3.tar.gz
-fcb8d48ccaeba886859ce6afd3d14bbb3f8a5667 SOURCES/firewall-1.1.0.tar.gz
-9a990a4908bdf3269bce4f214907623780a5e221 SOURCES/ha_cluster-1.4.1.tar.gz
-a1c9c89dea1dbe2410465c29ad0e1d3637ac5f52 SOURCES/kdump-1.2.2.tar.gz
-0a681d1e3b236c4750d663f2a833e786a5e958ab SOURCES/kernel_settings-1.1.6.tar.gz
-e530528ba5f9478cc8604aa6612388ea8e5078af SOURCES/logging-1.8.1.tar.gz
-430ce63a7b45b97305e4f8591192fa7e58af8292 SOURCES/metrics-1.5.1.tar.gz
-0424321322eb4d80560a8d2d9fee406296728463 SOURCES/nbde_client-1.2.2.tar.gz
-33f0a3ea008021e69b2bbd7b25f6536f91e7613d SOURCES/nbde_server-1.1.2.tar.gz
-dcd2261fe6b6a998aca3eb6c968204152e2ffd51 SOURCES/network-1.7.1.tar.gz
-95c54da9ef5acaae9553f2c4ed250452502ab9e0 SOURCES/postfix-1.2.0.tar.gz
-4e5c5216814577ee55304721e5c811ed8857efbc SOURCES/selinux-1.3.4.tar.gz
-f38972c4b22a9f226b58725c7e9ba8fac692bba2 SOURCES/ssh-1.1.4.tar.gz
-0728b4e01261f84ce470431a4ea21907db75f26a SOURCES/storage-1.7.0.tar.gz
-0bd118c9df9bf556a76d42c92bde11fde5553eba SOURCES/timesync-1.6.6.tar.gz
-d10a0dd866c1ce982d2ba22500718df3fb2ab766 SOURCES/tlog-1.2.6.tar.gz
-d1bb00636c04bc1b2d94ce0e491afe9ef921cd56 SOURCES/vpn-1.3.2.tar.gz
+bca451fd997be80be30f106e49f1bf550d2e609c SOURCES/ansible-posix-1.4.0.tar.gz
+c47e62ecf6502d952378206626ba66e456a73513 SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz
+453a44d1259addc4f702ea79da7b810b420e21f1 SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz
+25e2045c8fc9d6455d7c5b0c7d32d4976ebc5178 SOURCES/certificate-1.1.6.tar.gz
+77b34cce8b416fec3a50900b47cbe6b8216e3036 SOURCES/cockpit-1.3.0.tar.gz
+58f117fafe36a19425b3a9bc0ba69f33e5fa81ee SOURCES/community-general-5.4.0.tar.gz
+56bc0763e0b549c3499a80e95d0953ee6769136a SOURCES/crypto_policies-1.2.6.tar.gz
+4ee58deb2a514edd81dbcc56508be4ca9fd49089 SOURCES/firewall-1.4.0.tar.gz
+6ac7fbfa996fd4425415601d28e5b7b0790682ae SOURCES/ha_cluster-1.7.4.tar.gz
+6ae0614d51db00957943fad6967674c0de88862c SOURCES/kdump-1.2.5.tar.gz
+17f28f701d7842499b232a7b28daae5f51ea631b SOURCES/kernel_settings-1.1.10.tar.gz
+042ba1183db4d36742a21c92111d68415c7c951a SOURCES/logging-1.10.0.tar.gz
+4ebbf457b9f0d767d19b7ef322b848e5e4da50ef SOURCES/metrics-1.7.3.tar.gz
+80baf489aea9052ad11c84df7a6adfca75ce7a7b SOURCES/nbde_client-1.2.6.tar.gz
+2e2ad1b455da8c0a198524a08ffe16f2c954f131 SOURCES/nbde_server-1.1.5.tar.gz
+cb01d5d59afdf4f514de5fda2220ea8271ecb699 SOURCES/network-1.9.1.tar.gz
+4a31ac4e7d4de65c2a74cfc6f3c4ff852d5a578c SOURCES/postfix-1.2.4.tar.gz
+a54aee1fa1b0ee023e4168d0abe880ad6ea64dcb SOURCES/selinux-1.4.0.tar.gz
+fcdbd369bcc41df028f842e49ebff28370d3adb4 SOURCES/ssh-1.1.9.tar.gz
+10b9bf8f3b16fc99d6070af6dbf82f9f889a8ff6 SOURCES/storage-1.9.1.tar.gz
+c0af2701a0f8db1d721bf6df4ba257888be0fe87 SOURCES/timesync-1.6.9.tar.gz
+53fd0059c1da4c42228a9c0df592a96cd5a5060f SOURCES/tlog-1.2.9.tar.gz
+ec3e9a88af360861ea3ef4be92fbb6776690272d SOURCES/vpn-1.3.5.tar.gz
--- a/SOURCES/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch
+++ b/SOURCES/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch
@ -0,0 +1,79 @@
+From 1bda31d2d07ed9042b09b0596904dd4f317d8f48 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 26 Sep 2022 20:20:47 +0200
+Subject: [PATCH] Add final version of the option RequiredRSASize (#53)
+
+* Update source template to match generated template
+
+* Add final name of the RequiredRSASize parameter
+
+keeping the old version for backward compatibility.
+
+Upstream commit:
+https://github.com/openssh/openssh-portable/commit/54b333d1
+---
+ .dev-tools/10_top.j2    | 4 ++--
+ .dev-tools/options_body | 1 +
+ templates/ssh_config.j2 | 3 +++
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/.dev-tools/10_top.j2 b/.dev-tools/10_top.j2
+index 99704bd..8411de8 100644
+--- a/.dev-tools/10_top.j2
+++ b/.dev-tools/10_top.j2
+@@ -7,10 +7,10 @@
+ {%     elif value is sameas false %}
+ {{ key }} no
+ {%     elif value is string or value is number %}
+-{{ key }} {{ value }}
+{{ key }} {{ value | string }}
+ {%     else %}
+ {%       for i in value %}
+-{{ key }} {{ i }}
+{{ key }} {{ i | string }}
+ {%       endfor %}
+ {%     endif %}
+ {%   endif %}
+diff --git a/.dev-tools/options_body b/.dev-tools/options_body
+index 176879d..8cc382f 100644
+--- a/.dev-tools/options_body
+++ b/.dev-tools/options_body
+@@ -84,6 +84,7 @@ RekeyLimit
+ RemoteCommand
+ RemoteForward
+ RequestTTY
+RequiredRSASize
+ RevokedHostKeys
+ RhostsRSAAuthentication
+ RSAAuthentication
+diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2
+index fab57de..7f277c7 100644
+--- a/templates/ssh_config.j2
+++ b/templates/ssh_config.j2
+@@ -119,6 +119,7 @@ Match {{ match["Condition"] }}
+ {{       render_option("RemoteCommand",match["RemoteCommand"],true) -}}
+ {{       render_option("RemoteForward",match["RemoteForward"],true) -}}
+ {{       render_option("RequestTTY",match["RequestTTY"],true) -}}
+{{       render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
+ {{       render_option("RevokedHostKeys",match["RevokedHostKeys"],true) -}}
+ {{       render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
+ {{       render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
+@@ -240,6 +241,7 @@ Host {{ host["Condition"] }}
+ {{       render_option("RemoteCommand",host["RemoteCommand"],true) -}}
+ {{       render_option("RemoteForward",host["RemoteForward"],true) -}}
+ {{       render_option("RequestTTY",host["RequestTTY"],true) -}}
+{{       render_option("RequiredRSASize",host["RequiredRSASize"],true) -}}
+ {{       render_option("RevokedHostKeys",host["RevokedHostKeys"],true) -}}
+ {{       render_option("RhostsRSAAuthentication",host["RhostsRSAAuthentication"],true) -}}
+ {{       render_option("RSAAuthentication",host["RSAAuthentication"],true) -}}
+@@ -354,6 +356,7 @@ Host {{ host["Condition"] }}
+ {{ body_option("RemoteCommand",ssh_RemoteCommand) -}}
+ {{ body_option("RemoteForward",ssh_RemoteForward) -}}
+ {{ body_option("RequestTTY",ssh_RequestTTY) -}}
+{{ body_option("RequiredRSASize",ssh_RequiredRSASize) -}}
+ {{ body_option("RevokedHostKeys",ssh_RevokedHostKeys) -}}
+ {{ body_option("RhostsRSAAuthentication",ssh_RhostsRSAAuthentication) -}}
+ {{ body_option("RSAAuthentication",ssh_RSAAuthentication) -}}
+-- 
+2.37.3
+
--- a/SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch
+++ b/SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch
@ -0,0 +1,83 @@
+From 1408f489240dca04f086e4b32b253313eea28ea8 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 26 Sep 2022 15:26:12 +0200
+Subject: [PATCH] Add final version of RequiredRSASize
+
+Keep the old version for backward compatibility
+
+Upstream commit:
+https://github.com/openssh/openssh-portable/commit/1875042c
+---
+ meta/options_body                | 1 +
+ meta/options_match               | 1 +
+ templates/sshd_config.j2         | 2 ++
+ templates/sshd_config_snippet.j2 | 2 ++
+ 4 files changed, 6 insertions(+)
+
+diff --git a/meta/options_body b/meta/options_body
+index 8681269..23a00f4 100644
+--- a/meta/options_body
+++ b/meta/options_body
+@@ -89,6 +89,7 @@ PubkeyAuthentication
+ RSAAuthentication
+ RSAMinSize
+ RekeyLimit
+RequiredRSASize
+ RevokedKeys
+ RDomain
+ RhostsRSAAuthentication
+diff --git a/meta/options_match b/meta/options_match
+index 6ef9214..5ec1413 100644
+--- a/meta/options_match
+++ b/meta/options_match
+@@ -47,6 +47,7 @@ PubkeyAuthentication
+ RDomain
+ RekeyLimit
+ RevokedKeys
+RequiredRSASize
+ RhostsRSAAuthentication
+ RSAAuthentication
+ RSAMinSize
+diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
+index 2899f0a..a3b2465 100644
+--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
+@@ -89,6 +89,7 @@ Match {{ match["Condition"] }}
+ {{       render_option("RDomain",match["RDomain"],true) -}}
+ {{       render_option("RekeyLimit",match["RekeyLimit"],true) -}}
+ {{       render_option("RevokedKeys",match["RevokedKeys"],true) -}}
+{{       render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
+ {{       render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
+ {{       render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
+ {{       render_option("RSAMinSize",match["RSAMinSize"],true) -}}
+@@ -203,6 +204,7 @@ Match {{ match["Condition"] }}
+ {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
+ {{ body_option("RSAMinSize",sshd_RSAMinSize) -}}
+ {{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}}
+ {{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
+ {{ body_option("RDomain",sshd_RDomain) -}}
+ {{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
+diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
+index 0ece8ed..a12cb3b 100644
+--- a/templates/sshd_config_snippet.j2
+++ b/templates/sshd_config_snippet.j2
+@@ -88,6 +88,7 @@ Match {{ match["Condition"] }}
+ {{       render_option("RDomain",match["RDomain"],true) -}}
+ {{       render_option("RekeyLimit",match["RekeyLimit"],true) -}}
+ {{       render_option("RevokedKeys",match["RevokedKeys"],true) -}}
+{{       render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
+ {{       render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
+ {{       render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
+ {{       render_option("RSAMinSize",match["RSAMinSize"],true) -}}
+@@ -202,6 +203,7 @@ Match {{ match["Condition"] }}
+ {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
+ {{ body_option("RSAMinSize",sshd_RSAMinSize) -}}
+ {{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}}
+ {{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
+ {{ body_option("RDomain",sshd_RDomain) -}}
+ {{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
+-- 
+2.37.3
+
--- a/SOURCES/Bug-2098223-storage-role-raid_level-striped-is-not-supported.patch
+++ b/SOURCES/Bug-2098223-storage-role-raid_level-striped-is-not-supported.patch
@ -1,151 +0,0 @@
-From acb99e74a24fa07863c596fe59d2999adc28c249 Mon Sep 17 00:00:00 2001
-From: Vojtech Trefny <vtrefny@redhat.com>
-Date: Thu, 2 Jun 2022 15:18:19 +0200
-Subject: [PATCH] LVM RAID raid0 level support (#272)
-
-* Add workaround for missing LVM raid0 support in blivet
-
-Blivet supports creating LVs with segment type "raid0" but it is
-not in the list of supported RAID levels. This will be fixed in
-blivet, see https://github.com/storaged-project/blivet/pull/1047
-
-* Add a test for LVM RAID raid0 level
-
-* README: Remove "striped" from the list of supported RAID for pools
-
-We use MD RAID for RAIDs on the pool level which doesn't support
-"striped" level.
-
-* README: Clarify supported volume RAID levels
-
-We support different levels for LVM RAID and MD RAID.
-
-(cherry picked from commit 8b868a348155b08479743945aba88271121ad4b0)
---
- README.md                                    |  7 ++-
- library/blivet.py                            |  7 +++
- tests/tests_create_raid_pool_then_remove.yml | 54 ++++++++++++++++++++
- 3 files changed, 66 insertions(+), 2 deletions(-)
-
-diff --git a/README.md b/README.md
-index f8e3daa..bd123d7 100644
--- a/README.md
-+++ b/README.md
-@@ -54,7 +54,7 @@ device node basename (like `sda` or `mpathb`), /dev/disk/ symlink
- ##### `raid_level`
- When used with `type: lvm` it manages a volume group with a mdraid array of given level
- on it. Input `disks` are in this case used as RAID members.
-Accepted values are: `linear`, `striped`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
-+Accepted values are: `linear`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
- 
- ##### `volumes`
- This is a list of volumes that belong to the current pool. It follows the
-@@ -136,7 +136,10 @@ Specifies RAID level. LVM RAID can be created as well.
- "Regular" RAID volume requires type to be `raid`.
- LVM RAID needs that volume has `storage_pools` parent with type `lvm`,
- `raid_disks` need to be specified as well.
-Accepted values are: `linear` (N/A for LVM RAID), `striped`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
-+Accepted values are:
-+* for LVM RAID volume: `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`, `striped`, `mirror`
-+* for RAID volume: `linear`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
-+
- __WARNING__: Changing `raid_level` for a volume is a destructive operation, meaning
-              all data on that volume will be lost as part of the process of
-              removing old and adding new RAID. RAID reshaping is currently not
-diff --git a/library/blivet.py b/library/blivet.py
-index 29552fa..33c93b2 100644
--- a/library/blivet.py
-+++ b/library/blivet.py
-@@ -118,6 +118,7 @@ LIB_IMP_ERR = ""
- try:
-     from blivet3 import Blivet
-     from blivet3.callbacks import callbacks
-+    from blivet3 import devicelibs
-     from blivet3 import devices
-     from blivet3.deviceaction import ActionConfigureFormat
-     from blivet3.flags import flags as blivet_flags
-@@ -132,6 +133,7 @@ except ImportError:
-     try:
-         from blivet import Blivet
-         from blivet.callbacks import callbacks
-+        from blivet import devicelibs
-         from blivet import devices
-         from blivet.deviceaction import ActionConfigureFormat
-         from blivet.flags import flags as blivet_flags
-@@ -152,6 +154,11 @@ if BLIVET_PACKAGE:
-     set_up_logging()
-     log = logging.getLogger(BLIVET_PACKAGE + ".ansible")
- 
-+    # XXX add support for LVM RAID raid0 level
-+    devicelibs.lvm.raid_levels.add_raid_level(devicelibs.raid.RAID0)
-+    if "raid0" not in devicelibs.lvm.raid_seg_types:
-+        devicelibs.lvm.raid_seg_types.append("raid0")
-+
- 
- MAX_TRIM_PERCENT = 2
- 
-diff --git a/tests/tests_create_raid_pool_then_remove.yml b/tests/tests_create_raid_pool_then_remove.yml
-index d81680d..1fb4e15 100644
--- a/tests/tests_create_raid_pool_then_remove.yml
-+++ b/tests/tests_create_raid_pool_then_remove.yml
-@@ -150,3 +150,57 @@
-                 raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
- 
-     - include_tasks: verify-role-results.yml
-+
-+    - name: Create a RAID0 lvm raid device
-+      include_role:
-+        name: linux-system-roles.storage
-+      vars:
-+        storage_pools:
-+          - name: vg1
-+            disks: "{{ unused_disks }}"
-+            type: lvm
-+            state: present
-+            volumes:
-+              - name: lv1
-+                size: "{{ volume1_size }}"
-+                mount_point: "{{ mount_location1 }}"
-+                raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
-+                raid_level: raid0
-+
-+    - include_tasks: verify-role-results.yml
-+
-+    - name: Repeat the previous invocation to verify idempotence
-+      include_role:
-+        name: linux-system-roles.storage
-+      vars:
-+        storage_pools:
-+          - name: vg1
-+            disks: "{{ unused_disks }}"
-+            type: lvm
-+            state: present
-+            volumes:
-+              - name: lv1
-+                size: "{{ volume1_size }}"
-+                mount_point: "{{ mount_location1 }}"
-+                raid_level: raid0
-+                raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
-+
-+    - include_tasks: verify-role-results.yml
-+
-+    - name: Remove the device created above
-+      include_role:
-+        name: linux-system-roles.storage
-+      vars:
-+        storage_pools:
-+          - name: vg1
-+            disks: "{{ unused_disks }}"
-+            type: lvm
-+            state: absent
-+            volumes:
-+              - name: lv1
-+                size: "{{ volume1_size }}"
-+                mount_point: "{{ mount_location1 }}"
-+                raid_level: raid0
-+                raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
-+
-+    - include_tasks: verify-role-results.yml
-- 
-2.35.3
-
--- a/SOURCES/Bug-2098224-storage-role-cannot-set-mount_options-for-volumes.patch
+++ b/SOURCES/Bug-2098224-storage-role-cannot-set-mount_options-for-volumes.patch
@ -1,192 +0,0 @@
-From ba8a97039805f488c26b4d857f0137a349359c23 Mon Sep 17 00:00:00 2001
-From: Richard Megginson <rmeggins@redhat.com>
-Date: Mon, 16 May 2022 07:51:43 -0600
-Subject: [PATCH] add support for mount_options (#270)
-
-* add support for mount_options
-
-When support for argument validation was added, that support did not
-include the `mount_options` parameter.  This fix adds back that
-parameter.  In addition, the volume module arguments are refactored
-so that the common volume parameters such as `mount_options` can be
-specified in one place.
-
-This adds a test for the `mount_options` parameter, and adds
-verification for that parameter.
-
-* only checkout mount_options if requested
-
-(cherry picked from commit ecf3d04bb704db5c1a095aaef40c2372fd45d4d6)
---
- library/blivet.py                  | 78 ++++++++++++++----------------
- tests/test-verify-volume-fstab.yml | 22 ++++++++-
- tests/tests_misc.yml               |  3 ++
- 3 files changed, 60 insertions(+), 43 deletions(-)
-
-diff --git a/library/blivet.py b/library/blivet.py
-index 80575bb..29552fa 100644
--- a/library/blivet.py
-+++ b/library/blivet.py
-@@ -105,6 +105,7 @@ volumes:
-     elements: dict
- '''
- 
-+import copy
- import logging
- import os
- import traceback
-@@ -1500,6 +1501,39 @@ def activate_swaps(b, pools, volumes):
- 
- def run_module():
-     # available arguments/parameters that a user can pass
-+    common_volume_opts = dict(encryption=dict(type='bool'),
-+                              encryption_cipher=dict(type='str'),
-+                              encryption_key=dict(type='str'),
-+                              encryption_key_size=dict(type='int'),
-+                              encryption_luks_version=dict(type='str'),
-+                              encryption_password=dict(type='str'),
-+                              fs_create_options=dict(type='str'),
-+                              fs_label=dict(type='str', default=''),
-+                              fs_type=dict(type='str'),
-+                              mount_options=dict(type='str'),
-+                              mount_point=dict(type='str'),
-+                              name=dict(type='str'),
-+                              raid_level=dict(type='str'),
-+                              size=dict(type='str'),
-+                              state=dict(type='str', default='present', choices=['present', 'absent']),
-+                              type=dict(type='str'))
-+    volume_opts = copy.deepcopy(common_volume_opts)
-+    volume_opts.update(
-+        dict(disks=dict(type='list'),
-+             raid_device_count=dict(type='int'),
-+             raid_spare_count=dict(type='int'),
-+             raid_metadata_version=dict(type='str')))
-+    pool_volume_opts = copy.deepcopy(common_volume_opts)
-+    pool_volume_opts.update(
-+        dict(cached=dict(type='bool'),
-+             cache_devices=dict(type='list', elements='str', default=list()),
-+             cache_mode=dict(type='str'),
-+             cache_size=dict(type='str'),
-+             compression=dict(type='bool'),
-+             deduplication=dict(type='bool'),
-+             raid_disks=dict(type='list', elements='str', default=list()),
-+             vdo_pool_size=dict(type='str')))
-+
-     module_args = dict(
-         pools=dict(type='list', elements='dict',
-                    options=dict(disks=dict(type='list', elements='str', default=list()),
-@@ -1517,49 +1551,9 @@ def run_module():
-                                 state=dict(type='str', default='present', choices=['present', 'absent']),
-                                 type=dict(type='str'),
-                                 volumes=dict(type='list', elements='dict', default=list(),
-                                             options=dict(cached=dict(type='bool'),
-                                                          cache_devices=dict(type='list', elements='str', default=list()),
-                                                          cache_mode=dict(type='str'),
-                                                          cache_size=dict(type='str'),
-                                                          compression=dict(type='bool'),
-                                                          deduplication=dict(type='bool'),
-                                                          encryption=dict(type='bool'),
-                                                          encryption_cipher=dict(type='str'),
-                                                          encryption_key=dict(type='str'),
-                                                          encryption_key_size=dict(type='int'),
-                                                          encryption_luks_version=dict(type='str'),
-                                                          encryption_password=dict(type='str'),
-                                                          fs_create_options=dict(type='str'),
-                                                          fs_label=dict(type='str', default=''),
-                                                          fs_type=dict(type='str'),
-                                                          mount_point=dict(type='str'),
-                                                          name=dict(type='str'),
-                                                          raid_disks=dict(type='list', elements='str', default=list()),
-                                                          raid_level=dict(type='str'),
-                                                          size=dict(type='str'),
-                                                          state=dict(type='str', default='present', choices=['present', 'absent']),
-                                                          type=dict(type='str'),
-                                                          vdo_pool_size=dict(type='str'))))),
-+                                             options=pool_volume_opts))),
-         volumes=dict(type='list', elements='dict',
-                     options=dict(disks=dict(type='list'),
-                                  encryption=dict(type='bool'),
-                                  encryption_cipher=dict(type='str'),
-                                  encryption_key=dict(type='str'),
-                                  encryption_key_size=dict(type='int'),
-                                  encryption_luks_version=dict(type='str'),
-                                  encryption_password=dict(type='str'),
-                                  fs_create_options=dict(type='str'),
-                                  fs_label=dict(type='str', default=''),
-                                  fs_type=dict(type='str'),
-                                  mount_point=dict(type='str'),
-                                  name=dict(type='str'),
-                                  raid_level=dict(type='str'),
-                                  raid_device_count=dict(type='int'),
-                                  raid_spare_count=dict(type='int'),
-                                  raid_metadata_version=dict(type='str'),
-                                  size=dict(type='str'),
-                                  state=dict(type='str', default='present', choices=['present', 'absent']),
-                                  type=dict(type='str'))),
-+                     options=volume_opts),
-         packages_only=dict(type='bool', required=False, default=False),
-         disklabel_type=dict(type='str', required=False, default=None),
-         safe_mode=dict(type='bool', required=False, default=True),
-diff --git a/tests/test-verify-volume-fstab.yml b/tests/test-verify-volume-fstab.yml
-index 80d78f0..0091084 100644
--- a/tests/test-verify-volume-fstab.yml
-+++ b/tests/test-verify-volume-fstab.yml
-@@ -11,6 +11,15 @@
-     storage_test_fstab_expected_mount_point_matches: "{{ 1
-       if (_storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_point.startswith('/'))
-       else 0 }}"
-+    storage_test_fstab_mount_options_matches: "{{ storage_test_fstab.stdout_lines |
-+      map('regex_search', ' ' + storage_test_volume.mount_point + ' .* ' + storage_test_volume.mount_options + ' +') |
-+      select('string')|list if (
-+        storage_test_volume.mount_options|d('none',true) != 'none'
-+        and storage_test_volume.mount_point|d('none',true) != 'none'
-+      ) else [] }}"
-+    storage_test_fstab_expected_mount_options_matches: "{{ 1
-+      if (_storage_test_volume_present and storage_test_volume.mount_options)
-+      else 0 }}"
- 
- # device id
- - name: Verify that the device identifier appears in /etc/fstab
-@@ -26,7 +35,16 @@
-     msg: "Expected number ({{ storage_test_fstab_expected_mount_point_matches }}) of
-       entries with volume '{{ storage_test_volume.name }}' mount point not found in /etc/fstab."
- 
-# todo: options
-+# mount options
-+- name: Verify mount_options
-+  assert:
-+    that: storage_test_fstab_mount_options_matches|length == storage_test_fstab_expected_mount_options_matches|int
-+    msg: "Expected number ({{ storage_test_fstab_expected_mount_options_matches }}) of
-+      entries with volume '{{ storage_test_volume.name }}' mount options not found in /etc/fstab."
-+  when:
-+    - __storage_verify_mount_options | d(false)
-+    - "'mount_options' in storage_test_volume"
-+    - "'mount_point' in storage_test_volume"
- 
- - name: Clean up variables
-   set_fact:
-@@ -34,3 +52,5 @@
-     storage_test_fstab_mount_point_matches: null
-     storage_test_fstab_expected_id_matches: null
-     storage_test_fstab_expected_mount_point_matches: null
-+    storage_test_fstab_mount_options_matches: null
-+    storage_test_fstab_expected_mount_options_matches: null
-diff --git a/tests/tests_misc.yml b/tests/tests_misc.yml
-index 159c959..97c1627 100644
--- a/tests/tests_misc.yml
-+++ b/tests/tests_misc.yml
-@@ -189,8 +189,11 @@
-             fs_type: 'ext4'
-             fs_create_options: '-F'
-             mount_point: "{{ mount_location }}"
-+            mount_options: rw,noatime,defaults
- 
-     - include_tasks: verify-role-results.yml
-+      vars:
-+        __storage_verify_mount_options: true
- 
-     - name: Remove the disk volume created above
-       include_role:
-- 
-2.35.3
-
--- a/SOURCES/CHANGELOG.md
+++ b/SOURCES/CHANGELOG.md
@ -0,0 +1,531 @@
+Changelog
+=========
+[1.20.1] - 2022-09-27
+----------------------------
+
+### New Features
+
+- [ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles](https://bugzilla.redhat.com/show_bug.cgi?id=2129873)
+
+### Bug Fixes
+
+- none
+
+[1.20.0] - 2022-08-05
+----------------------------
+
+### New Features
+
+- [cockpit - Add customization of port](https://bugzilla.redhat.com/show_bug.cgi?id=2115152)
+- [firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID](https://bugzilla.redhat.com/show_bug.cgi?id=2100942)
+- [firewall - support for firewall_config - gather firewall facts](https://bugzilla.redhat.com/show_bug.cgi?id=2115154)
+- [logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs](https://bugzilla.redhat.com/show_bug.cgi?id=2112145)
+- [selinux - Added setting of seuser and selevel for completeness](https://bugzilla.redhat.com/show_bug.cgi?id=2115157)
+
+### Bug Fixes
+
+- [nbde_client - Sets proper spacing for parameter rd.neednet=1](https://bugzilla.redhat.com/show_bug.cgi?id=2115156)
+- [network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence](https://bugzilla.redhat.com/show_bug.cgi?id=2115886)
+- [ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing](https://bugzilla.redhat.com/show_bug.cgi?id=2109998)
+- [storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.](https://bugzilla.redhat.com/show_bug.cgi?id=2082736)
+
+[1.19.3] - 2022-07-01
+----------------------------
+
+### New Features
+
+- [firewall - support add/modify/delete services](https://bugzilla.redhat.com/show_bug.cgi?id=2100292)
+- [network - [RFE] [network] Support managing the network through nmstate schema](https://bugzilla.redhat.com/show_bug.cgi?id=2072385)
+- [storage - support for adding/removing disks to/from storage pools](https://bugzilla.redhat.com/show_bug.cgi?id=2072742)
+- [storage - support for attaching cache volumes to existing volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2072746)
+
+### Bug Fixes
+
+- [firewall - forward_port should accept list of string or list of dict](https://bugzilla.redhat.com/show_bug.cgi?id=2100605)
+- [metrics - document minimum supported redis version required by rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=2100286)
+- [metrics - restart pmie, pmlogger if changed, do not wait for handler](https://bugzilla.redhat.com/show_bug.cgi?id=2100294)
+- [storage - [RHEL9] _storage_test_pool_pvs get wrong data type in  test-verify-pool-members.yml](https://bugzilla.redhat.com/show_bug.cgi?id=2044119)
+
+[1.19.2] - 2022-06-15
+----------------------------
+
+### New Features
+
+- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2052086)
+
+### Bug Fixes
+
+- none
+
+[1.19.1] - 2022-06-13
+----------------------------
+
+### New Features
+
+- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2072745)
+- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2078989)
+
+### Bug Fixes
+
+- none
+
+[1.19.0] - 2022-06-06
+----------------------------
+
+### New Features
+
+- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2072745)
+- [firewall - state no longer required for masquerade and ICMP block inversion](https://bugzilla.redhat.com/show_bug.cgi?id=2093423)
+
+### Bug Fixes
+
+- [storage - role raid_level "striped" is not supported](https://bugzilla.redhat.com/show_bug.cgi?id=2083410)
+
+[1.18.0] - 2022-05-02
+----------------------------
+
+### New Features
+
+- [firewall - [Improvement] Allow System Role to reset to default Firewalld Settings](https://bugzilla.redhat.com/show_bug.cgi?id=2043010)
+- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2051737)
+- [network - Rework the infiniband support](https://bugzilla.redhat.com/show_bug.cgi?id=2086965)
+- [sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"](https://bugzilla.redhat.com/show_bug.cgi?id=2052081)
+- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2052086)
+
+### Bug Fixes
+
+- [storage - role cannot set mount_options for volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2083376)
+
+[1.17.0] - 2022-04-25
+----------------------------
+
+### New Features
+
+- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2078989)
+- [ha_cluster - support advanced corosync configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2065337)
+- [ha_cluster - support SBD fencing](https://bugzilla.redhat.com/show_bug.cgi?id=2079626)
+- [ha_cluster - add support for configuring bundle resources](https://bugzilla.redhat.com/show_bug.cgi?id=2073519)
+- [logging - Logging - RFE - support template, severity and facility options](https://bugzilla.redhat.com/show_bug.cgi?id=2075119)
+- [metrics - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065392)
+- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2051737)
+- [network - [RFE] Extend rhel-system-roles.network feature set to support routing rules](https://bugzilla.redhat.com/show_bug.cgi?id=2079622)
+- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065383)
+- [storage - RFE storage Less verbosity by default](https://bugzilla.redhat.com/show_bug.cgi?id=2079627)
+
+### Bug Fixes
+
+- [firewall - Firewall system role Ansible deprecation warning related to "include"](https://bugzilla.redhat.com/show_bug.cgi?id=2061511)
+- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts](https://bugzilla.redhat.com/show_bug.cgi?id=2060525)
+- [logging - tests fail during cleanup if no cloud-init on system](https://bugzilla.redhat.com/show_bug.cgi?id=2058799)
+- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2060523)
+- [nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2070462)
+- [network - bond: fix typo in supporting the infiniband ports in active-backup mode [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065394)
+- [network - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065382)
+- [postfix - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065393)
+- [sshd - FIPS mode detection in SSHD role is wrong](https://bugzilla.redhat.com/show_bug.cgi?id=2073605)
+- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2071804)
+
+[1.16.3] - 2022-04-07
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749)
+
+[1.16.2] - 2022-04-06
+----------------------------
+
+### New Features
+
+- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+
+### Bug Fixes
+
+- none
+
+[1.16.1] - 2022-03-29
+----------------------------
+
+### New Features
+
+- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+
+### Bug Fixes
+
+- none
+
+[1.16.0] - 2022-03-22
+----------------------------
+
+### New Features
+
+- [network - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057656)
+- [metrics - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057645)
+- [postfix - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057661)
+- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default](https://bugzilla.redhat.com/show_bug.cgi?id=2044657)
+
+### Bug Fixes
+
+- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064388)
+
+[1.15.1] - 2022-03-03
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts](https://bugzilla.redhat.com/show_bug.cgi?id=2058772)
+- [timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml](https://bugzilla.redhat.com/show_bug.cgi?id=2058645)
+
+[1.15.0] - 2022-03-01
+----------------------------
+
+### New Features
+
+- [firewall - [RFE] - Firewall RHEL System Role should be able to set default zone](https://bugzilla.redhat.com/show_bug.cgi?id=2022458)
+
+### Bug Fixes
+
+- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2058655)
+- [firewall - ensure target changes take effect immediately](https://bugzilla.redhat.com/show_bug.cgi?id=2057172)
+
+[1.14.0] - 2022-02-21
+----------------------------
+
+### New Features
+
+- [network - [RFE] Add more bonding options to rhel-system-roles.network](https://bugzilla.redhat.com/show_bug.cgi?id=2008931)
+- [certificate - should consistently use ansible_managed in hook scripts](https://bugzilla.redhat.com/show_bug.cgi?id=2054364)
+- [tlog - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054363)
+- [vpn - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054365)
+
+### Bug Fixes
+
+- [ha_cluster - set permissions for haclient group](https://bugzilla.redhat.com/show_bug.cgi?id=2049747)
+
+[1.13.0] - 2022-02-14
+----------------------------
+
+### New Features
+
+- [storage - RFE: Add support for RAID volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016514)
+- [storage - RFE: Add support for cached volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016511)
+- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+- [ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)](https://bugzilla.redhat.com/show_bug.cgi?id=2041635)
+- [network - RFE: Support Routing Tables in static routes in Network Role](https://bugzilla.redhat.com/show_bug.cgi?id=2031521)
+
+### Bug Fixes
+
+- [metrics - role can't be re-run if the Grafana admin password has been changed](https://bugzilla.redhat.com/show_bug.cgi?id=1967321)
+- [network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection](https://bugzilla.redhat.com/show_bug.cgi?id=2034908)
+- [network - Set DNS search setting only for enabled IP protocols](https://bugzilla.redhat.com/show_bug.cgi?id=2041627)
+
+[1.12.1] - 2022-02-08
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'](https://bugzilla.redhat.com/show_bug.cgi?id=2050341)
+- [kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.](https://bugzilla.redhat.com/show_bug.cgi?id=2052105)
+
+[1.12.0] - 2022-02-03
+----------------------------
+
+### New Features
+
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+
+### Bug Fixes
+
+- [logging - Logging role "logging_purge_confs" option not properly working](https://bugzilla.redhat.com/show_bug.cgi?id=2040812)
+- [kernel_settings - role should use ansible_managed in its configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=2047504)
+
+[1.11.0] - 2022-01-20
+----------------------------
+
+### New Features
+
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
+- [ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure](https://bugzilla.redhat.com/show_bug.cgi?id=2029614)
+
+### Bug Fixes
+
+- [timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host](https://bugzilla.redhat.com/show_bug.cgi?id=2029463)
+- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
+- [kdump - kdump: support reboot required and reboot ok](https://bugzilla.redhat.com/show_bug.cgi?id=2029605)
+- [sshd - should detect FIPS mode and handle tasks correctly in FIPS mode](https://bugzilla.redhat.com/show_bug.cgi?id=1979714)
+
+[1.10.0] - 2021-11-08
+----------------------------
+
+### New Features
+
+- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
+- [firewall - Ansible Roles for RHEL Firewall](https://bugzilla.redhat.com/show_bug.cgi?id=1854988)
+- [firewall - RFE: firewall-system-role: add ability to add-source](https://bugzilla.redhat.com/show_bug.cgi?id=1932678)
+- [firewall - RFE: firewall-system-role: allow user defined zones](https://bugzilla.redhat.com/show_bug.cgi?id=1850768)
+- [firewall - RFE: firewall-system-role: allow specifying the zone](https://bugzilla.redhat.com/show_bug.cgi?id=1850753)
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+- [network - role: Allow to specify PCI address to configure profiles](https://bugzilla.redhat.com/show_bug.cgi?id=1695634)
+- [network - [RFE] support wifi Enhanced Open (OWE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993379)
+- [network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993311)
+- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
+- [logging - [RFE]  logging - Add user and password](https://bugzilla.redhat.com/show_bug.cgi?id=2010327)
+
+### Bug Fixes
+
+- [Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`](https://bugzilla.redhat.com/show_bug.cgi?id=2006230)
+- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
+- [logging - Logging - Performance improvement](https://bugzilla.redhat.com/show_bug.cgi?id=2005727)
+- [nbde_client - add regenerate-all to the dracut command](https://bugzilla.redhat.com/show_bug.cgi?id=2021682)
+- [certificate - certificates: "group" option keeps certificates inaccessible to the group](https://bugzilla.redhat.com/show_bug.cgi?id=2021683)
+
+[1.9.0] - 2021-10-26
+----------------------------
+
+### New Features
+
+- [logging - [RFE]  logging - Add user and password](https://bugzilla.redhat.com/show_bug.cgi?id=1990490)
+
+### Bug Fixes
+
+- [Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`](https://bugzilla.redhat.com/show_bug.cgi?id=2006230)
+
+[1.8.3] - 2021-08-26
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1978488)
+
+### Bug Fixes
+
+- none
+
+[1.8.2] - 2021-08-24
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [logging - Update the certificates copy tasks](https://bugzilla.redhat.com/show_bug.cgi?id=1996777)
+
+[1.8.1] - 2021-08-16
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [metrics - role: the bpftrace role does not properly configure bpftrace agent](https://bugzilla.redhat.com/show_bug.cgi?id=1994180)
+
+[1.8.0] - 2021-08-12
+----------------------------
+
+### New Features
+
+- [drop support for Ansible 2.8](https://bugzilla.redhat.com/show_bug.cgi?id=1989197)
+
+### Bug Fixes
+
+- [sshd - sshd: failed to validate: error:Missing Match criteria for all Bad Match condition](https://bugzilla.redhat.com/show_bug.cgi?id=1991598)
+
+[1.7.5] - 2021-08-10
+----------------------------
+
+### New Features
+
+- [logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output](https://bugzilla.redhat.com/show_bug.cgi?id=1986460)
+
+### Bug Fixes
+
+- none
+
+[1.7.4] - 2021-08-06
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [metrics - role: Grafana dashboard not working after metrics role run unless services manually restarted](https://bugzilla.redhat.com/show_bug.cgi?id=1984150)
+
+[1.7.0] - 2021-07-28
+----------------------------
+
+### New Features
+
+- [logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output](https://bugzilla.redhat.com/show_bug.cgi?id=1986460)
+- [storage - [RFE] storage: support volume sizes as a percentage of pool](https://bugzilla.redhat.com/show_bug.cgi?id=1984583)
+
+### Bug Fixes
+
+- none
+
+[1.6.0] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [ha_cluster - RFE: ha_cluster - add pacemaker cluster properties configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1982913)
+
+### Bug Fixes
+
+- none
+
+[1.5.0] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [crypto_policies - rename 'policy modules' to 'subpolicies'](https://bugzilla.redhat.com/show_bug.cgi?id=1982896)
+
+### Bug Fixes
+
+- none
+
+[1.4.2] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [storage - storage: relabel doesn't support](https://bugzilla.redhat.com/show_bug.cgi?id=1876315)
+
+### Bug Fixes
+
+- none
+
+[1.4.1] - 2021-07-09
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [network - Re-running the network system role results in "changed: true" when nothing has actually changed](https://bugzilla.redhat.com/show_bug.cgi?id=1980871)
+
+[1.4.0] - 2021-07-08
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
+
+### Bug Fixes
+
+- none
+
+[1.3.0] - 2021-06-23
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1978488)
+- [sshd - RFE: sshd - support for appending a snippet to configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=1978752)
+- [timesync - RFE: timesync support for Network Time Security (NTS)](https://bugzilla.redhat.com/show_bug.cgi?id=1978753)
+
+### Bug Fixes
+
+- [postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section](https://bugzilla.redhat.com/show_bug.cgi?id=1978734)
+- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1978760)
+- [selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8](https://bugzilla.redhat.com/show_bug.cgi?id=1978740)
+- [metrics - role task to enable logging for targeted hosts not working](https://bugzilla.redhat.com/show_bug.cgi?id=1978746)
+- [sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode](https://bugzilla.redhat.com/show_bug.cgi?id=1978745)
+
+[1.2.3] - 2021-06-17
+----------------------------
+
+### New Features
+
+- [main.yml: Add EL 9 support for all roles](https://bugzilla.redhat.com/show_bug.cgi?id=1952887)
+
+### Bug Fixes
+
+- none
+
+[1.2.2] - 2021-06-15
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
+
+[1.2.1] - 2021-05-21
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
+
+[1.2.0] - 2021-05-21
+----------------------------
+
+### New Features
+
+- [network - role: Support ethtool -G|--set-ring options](https://bugzilla.redhat.com/show_bug.cgi?id=1959649)
+
+### Bug Fixes
+
+- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1960375)
+- [postfix - postfix: Use FQRN in README](https://bugzilla.redhat.com/show_bug.cgi?id=1958963)
+- [postfix - Documentation error in rhel-system-roles postfix readme file](https://bugzilla.redhat.com/show_bug.cgi?id=1866544)
+- [storage - storage: calltrace observed when set type: partition for storage_pools](https://bugzilla.redhat.com/show_bug.cgi?id=1854187)
+- [ha_cluster - cannot read preshared key in binary format](https://bugzilla.redhat.com/show_bug.cgi?id=1952620)
+
+[1.1.0] - 2021-05-13
+----------------------------
+
+### New Features
+
+- [timesync - [RFE] support for free form configuration for chrony](https://bugzilla.redhat.com/show_bug.cgi?id=1938023)
+- [timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter](https://bugzilla.redhat.com/show_bug.cgi?id=1938016)
+- [timesync - [RFE] support for ntp xleave, filter, and hw timestamping](https://bugzilla.redhat.com/show_bug.cgi?id=1938020)
+- [selinux - [RFE] Ability to install custom SELinux module via Ansible](https://bugzilla.redhat.com/show_bug.cgi?id=1848683)
+- [network - support for ipv6_disabled to disable ipv6 for address](https://bugzilla.redhat.com/show_bug.cgi?id=1939711)
+- [vpn - [RFE] Release Ansible role for vpn in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1943679)
+
+### Bug Fixes
+
+- [Bug fixes for Collection/Automation Hub](https://bugzilla.redhat.com/show_bug.cgi?id=1954747)
+- [timesync - do not use ignore_errors in timesync role](https://bugzilla.redhat.com/show_bug.cgi?id=1938014)
+- [selinux - rhel-system-roles should not reload the SELinux policy if its not changed](https://bugzilla.redhat.com/show_bug.cgi?id=1757869)
+
+[0.6] - 2018-05-11
+----------------------------
+
+### New Features
+
+- [RFE: Ansible rhel-system-roles.network: add ETHTOOL_OPTS, LINKDELAY, IPV4_FAILURE_FATAL](https://bugzilla.redhat.com/show_bug.cgi?id=1478576)
+
+### Bug Fixes
+
+- none
--- a/SOURCES/ansible-sshd.patch
+++ b/SOURCES/ansible-sshd.patch
@ -1,428 +0,0 @@
-From e3004a25d680a17852ade20fa7438b5d4acfc470 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 10:42:17 +0200
-Subject: [PATCH 1/7] Update templates to apply FIPS hostkeys filter
-
-This fixes up the commit 7f69d1e6
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- templates/sshd_config.j2         | 6 +++++-
- templates/sshd_config_snippet.j2 | 6 +++++-
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
-index 15ee668..8c7f322 100644
--- a/templates/sshd_config.j2
-+++ b/templates/sshd_config.j2
-@@ -22,7 +22,11 @@
- {%   elif sshd[key] is defined %}
- {%     set value = sshd[key] %}
- {%   elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
-{%     set value = __sshd_defaults[key] %}
-+{%     if key == 'HostKey' and __sshd_fips_mode %}
-+{%       set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %}
-+{%     else %}
-+{%       set value = __sshd_defaults[key] %}
-+{%     endif %}
- {%   endif %}
- {{ render_option(key,value) -}}
- {% endmacro %}
-diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
-index 6766e09..6b23c76 100644
--- a/templates/sshd_config_snippet.j2
-+++ b/templates/sshd_config_snippet.j2
-@@ -21,7 +21,11 @@
- {%   elif sshd[key] is defined %}
- {%     set value = sshd[key] %}
- {%   elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
-{%     set value = __sshd_defaults[key] %}
-+{%     if key == 'HostKey' and __sshd_fips_mode %}
-+{%       set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %}
-+{%     else %}
-+{%       set value = __sshd_defaults[key] %}
-+{%     endif %}
- {%   endif %}
- {{ render_option(key,value) -}}
- {% endmacro %}
-- 
-2.34.1
-
-
-From 8ee135cbd9ea63e4345a5ec618d64d14f6b03eee Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 11:10:27 +0200
-Subject: [PATCH 2/7] Set explicit path to the main configuration file to work
- well with the drop-in directory
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- tests/tests_alternative_file.yml      | 2 ++
- tests/tests_alternative_file_role.yml | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml
-index 0a8ccaf..215c726 100644
--- a/tests/tests_alternative_file.yml
-+++ b/tests/tests_alternative_file.yml
-@@ -6,6 +6,7 @@
-       - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
-       - /etc/ssh/sshd_config_custom
-       - /etc/ssh/sshd_config_custom_second
-+      - /tmp/ssh_host_ecdsa_key
-   tasks:
-     - name: "Backup configuration files"
-       include_tasks: tasks/backup.yml
-@@ -52,6 +53,7 @@
-       include_role:
-         name: ansible-sshd
-       vars:
-+        sshd_config_file: /etc/ssh/sshd_config
-         sshd:
-           Banner: /etc/issue
-           Ciphers: aes192-ctr
-diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml
-index 9177709..3e7c7ea 100644
--- a/tests/tests_alternative_file_role.yml
-+++ b/tests/tests_alternative_file_role.yml
-@@ -6,6 +6,7 @@
-       - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
-       - /etc/ssh/sshd_config_custom
-       - /etc/ssh/sshd_config_custom_second
-+      - /tmp/ssh_host_ecdsa_key
-   tasks:
-     - name: "Backup configuration files"
-       include_tasks: tasks/backup.yml
-@@ -57,6 +58,7 @@
-   roles:
-     - ansible-sshd
-   vars:
-+    sshd_config_file: /etc/ssh/sshd_config
-     sshd:
-       Banner: /etc/issue
-       Ciphers: aes192-ctr
-- 
-2.34.1
-
-
-From 041e86952d14b5c90795fb553e7ba942d541a6b3 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 11:17:12 +0200
-Subject: [PATCH 3/7] tests: Fix OS detection to match also CentOS 9
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- tests/tasks/setup.yml | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml
-index 90a3f00..a0e9324 100644
--- a/tests/tasks/setup.yml
-+++ b/tests/tasks/setup.yml
-@@ -26,6 +26,5 @@
-     main_sshd_config_name: 00-ansible_system_role.conf
-     main_sshd_config_path: /etc/ssh/sshd_config.d/
-   when: >
-    ansible_facts['distribution'] == 'Fedora' or
-    (ansible_facts['distribution'] == 'RedHat' and
-     ansible_facts['distribution_major_version']|int > 8)
-+    ansible_facts['os_family'] == 'RedHat' and
-+    ansible_facts['distribution_major_version']|int > 8
-- 
-2.34.1
-
-
-From e33f2f5bb874aa786ac0c81e8ef63509033f6644 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 11:20:34 +0200
-Subject: [PATCH 4/7] tests: Slurp the correct file when writing main config
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- tests/tests_alternative_file.yml      | 2 +-
- tests/tests_alternative_file_role.yml | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml
-index 215c726..172c73a 100644
--- a/tests/tests_alternative_file.yml
-+++ b/tests/tests_alternative_file.yml
-@@ -82,7 +82,7 @@
- 
-         - name: Print the main configuration file
-           slurp:
-            src: "{{ main_sshd_config }}"
-+            src: /etc/ssh/sshd_config
-           register: config3
- 
-         - name: Check content of first configuration file
-diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml
-index 3e7c7ea..09fbce4 100644
--- a/tests/tests_alternative_file_role.yml
-+++ b/tests/tests_alternative_file_role.yml
-@@ -98,7 +98,7 @@
- 
-         - name: Print the main configuration file
-           slurp:
-            src: "{{ main_sshd_config }}"
-+            src: /etc/ssh/sshd_config
-           register: config3
- 
-         - name: Check content of first configuration file
-- 
-2.34.1
-
-
-From 8d91dcecd000e7843ad9e827c3d2e6e04ce05e8d Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 20:28:32 +0200
-Subject: [PATCH 5/7] Unbreak FIPS detection and hostkey filtering
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- tasks/install.yml | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/tasks/install.yml b/tasks/install.yml
-index f1d8455..571281c 100644
--- a/tasks/install.yml
-+++ b/tasks/install.yml
-@@ -40,10 +40,11 @@
- 
- - name: Make sure hostkeys are available and have expected permissions
-   vars: &share_vars
-+    # 'MAo=' evaluates to '0\n' in base 64 encoding, which is default
-     __sshd_fips_mode: >-
-      - __sshd_hostkeys_nofips | d([])
-      - __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \
-        __sshd_userspace_fips_mode.content | b64decode != "0" | bool
-+      {{ __sshd_hostkeys_nofips | d([]) and
-+         (__sshd_kernel_fips_mode.content | d('MAo=') | b64decode | trim == '1' or
-+          __sshd_userspace_fips_mode.content | d('MAo=') | b64decode | trim != '0') }}
-     # This mimics the macro body_option() in sshd_config.j2
-     # The explicit to_json filter is needed for Python 2 compatibility
-     __sshd_hostkeys_from_config: >-
-@@ -58,14 +59,14 @@
-           {{ __sshd_defaults['HostKey'] | to_json }}
-         {% endif %}
-       {% else %}
-        []
-+        {{ [] | to_json }}
-       {% endif %}
-     __sshd_verify_hostkeys: >-
-       {% if not sshd_verify_hostkeys %}
-        []
-+        {{ [] | to_json }}
-       {% elif sshd_verify_hostkeys == 'auto' %}
-        {% if sshd_HostKey is string %}
-          [ {{ __sshd_hostkeys_from_config }} ]
-+        {% if __sshd_hostkeys_from_config | from_json is string %}
-+          {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
-         {% else %}
-           {{ __sshd_hostkeys_from_config }}
-         {% endif %}
-- 
-2.34.1
-
-
-From d839fb207e29cbbbc1d256260190f113c332ecba Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 11 Apr 2022 13:06:24 +0200
-Subject: [PATCH 6/7] tests: Add negative test for FIPS mode
-
-This fixes also a typo that was overlooked previously
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- tests/tests_hostkeys_fips.yml | 53 ++++++++++++++++++++++++++++++-----
- 1 file changed, 46 insertions(+), 7 deletions(-)
-
-diff --git a/tests/tests_hostkeys_fips.yml b/tests/tests_hostkeys_fips.yml
-index 65cc765..7cf3767 100644
--- a/tests/tests_hostkeys_fips.yml
-+++ b/tests/tests_hostkeys_fips.yml
-@@ -4,13 +4,52 @@
-     __sshd_test_backup_files:
-       - /etc/ssh/sshd_config
-       - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
-      - /etc/ssh/ssh_host_ed255519_key
-      - /etc/ssh/ssh_host_ed255519_key.pub
-+      - /etc/ssh/ssh_host_ed25519_key
-+      - /etc/ssh/ssh_host_ed25519_key.pub
-       - /etc/system-fips
-   tasks:
-     - name: "Backup configuration files"
-       include_tasks: tasks/backup.yml
- 
-+    - name: Run the role with default parameters without FIPS mode
-+      include_role:
-+        name: ansible-sshd
-+
-+    - name: Verify the options are correctly set
-+      block:
-+        - meta: flush_handlers
-+
-+        - name: Print current configuration file
-+          slurp:
-+            src: "{{ main_sshd_config }}"
-+          register: config
-+
-+        - name: Get stat of private key
-+          stat:
-+            path: /etc/ssh/ssh_host_ed25519_key
-+          register: privkey
-+
-+        - name: Get stat of public key
-+          stat:
-+            path: /etc/ssh/ssh_host_ed25519_key.pub
-+          register: pubkey
-+
-+        - name: Check the key is in configuration file (without include)
-+          assert:
-+            that:
-+              - "'HostKey /etc/ssh/ssh_host_ed25519_key' in config.content | b64decode"
-+          when:
-+            - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int < 9
-+
-+        - name: Check host key was generated
-+          assert:
-+            that:
-+              - privkey.stat.exists
-+              - pubkey.stat.exists
-+      when:
-+        - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int > 6
-+      tags: tests::verify
-+
-     - name: Fake FIPS mode
-       block:
-         - name: Create temporary directory
-@@ -40,13 +79,13 @@
-     - name: Remove the Ed25519 hostkey
-       file:
-         path:
-          /etc/ssh/ssh_host_ed255519_key
-+          /etc/ssh/ssh_host_ed25519_key
-         state: absent
- 
-     - name: Remove the Ed25519 pubkey
-       file:
-         path:
-          /etc/ssh/ssh_host_ed255519_key.pub
-+          /etc/ssh/ssh_host_ed25519_key.pub
-         state: absent
- 
-     - name: Run the role with default parameters
-@@ -64,18 +103,18 @@
- 
-         - name: Get stat of private key
-           stat:
-            path: /etc/ssh/ssh_host_ed255519_key
-+            path: /etc/ssh/ssh_host_ed25519_key
-           register: privkey
- 
-         - name: Get stat of public key
-           stat:
-            path: /etc/ssh/ssh_host_ed255519_key.pub
-+            path: /etc/ssh/ssh_host_ed25519_key.pub
-           register: pubkey
- 
-         - name: Check the key is not in configuration file
-           assert:
-             that:
-              - "'HostKey /etc/ssh/ssh_host_ed255519_key' not in config.content | b64decode"
-+              - "'HostKey /etc/ssh/ssh_host_ed25519_key' not in config.content | b64decode"
- 
-         - name: Check no host key was generated
-           assert:
-- 
-2.34.1
-
-
-From 2a49697fa4bb6281796e76a4b7ee34c356f802cc Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 11 Apr 2022 13:07:44 +0200
-Subject: [PATCH 7/7] Introduce default hostkeys to check when using drop-in
- directory
-
-Previously no hostkeys were checked if they were not present
-in the generated configuration file. When the drop-in directory is
-used, usually, there are no hostkeys in that file and no sanity
-check for hostkeys was executed.
-
-This amends the "auto" value for the hostkeys check to allow checking
-for default hostkeys that are read by OpenSSH by default.
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- defaults/main.yml | 1 +
- tasks/install.yml | 8 +++++++-
- vars/Fedora.yml   | 6 ++++++
- vars/RedHat_9.yml | 6 ++++++
- 4 files changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/defaults/main.yml b/defaults/main.yml
-index 18d6114..7e40e51 100644
--- a/defaults/main.yml
-+++ b/defaults/main.yml
-@@ -61,6 +61,7 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server
- # configuration or restarting), we make sure the keys exist and have correct
- # permissions. To disable this check, set sshd_verify_hostkeys to false
- sshd_verify_hostkeys: "auto"
-+__sshd_verify_hostkeys_default: []
- sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
- sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
- sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
-diff --git a/tasks/install.yml b/tasks/install.yml
-index 571281c..fa7d3c3 100644
--- a/tasks/install.yml
-+++ b/tasks/install.yml
-@@ -65,7 +65,13 @@
-       {% if not sshd_verify_hostkeys %}
-         {{ [] | to_json }}
-       {% elif sshd_verify_hostkeys == 'auto' %}
-        {% if __sshd_hostkeys_from_config | from_json is string %}
-+        {% if not __sshd_hostkeys_from_config | from_json %}
-+          {% if __sshd_fips_mode %}
-+            {{ __sshd_verify_hostkeys_default | difference(__sshd_hostkeys_nofips) | to_json }}
-+          {% else %}
-+            {{ __sshd_verify_hostkeys_default | to_json }}
-+          {% endif %}
-+        {% elif __sshd_hostkeys_from_config | from_json is string %}
-           {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
-         {% else %}
-           {{ __sshd_hostkeys_from_config }}
-diff --git a/vars/Fedora.yml b/vars/Fedora.yml
-index 77bf172..cf2b081 100644
--- a/vars/Fedora.yml
-+++ b/vars/Fedora.yml
-@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
- __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
- __sshd_defaults:
- __sshd_os_supported: yes
-+__sshd_verify_hostkeys_default:
-+  - /etc/ssh/ssh_host_rsa_key
-+  - /etc/ssh/ssh_host_ecdsa_key
-+  - /etc/ssh/ssh_host_ed25519_key
-+__sshd_hostkeys_nofips:
-+  - /etc/ssh/ssh_host_ed25519_key
- __sshd_hostkey_group: ssh_keys
- __sshd_hostkey_mode: "0640"
-diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml
-index 33df26a..55239f4 100644
--- a/vars/RedHat_9.yml
-+++ b/vars/RedHat_9.yml
-@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
- __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
- __sshd_defaults:
- __sshd_os_supported: yes
-+__sshd_verify_hostkeys_default:
-+  - /etc/ssh/ssh_host_rsa_key
-+  - /etc/ssh/ssh_host_ecdsa_key
-+  - /etc/ssh/ssh_host_ed25519_key
-+__sshd_hostkeys_nofips:
-+  - /etc/ssh/ssh_host_ed25519_key
- __sshd_hostkey_group: ssh_keys
- __sshd_hostkey_mode: "0640"
-- 
-2.34.1
-
--- a/SOURCES/spec-to-changelog-md.sh
+++ b/SOURCES/spec-to-changelog-md.sh
--- a/SPECS/linux-system-roles.spec
+++ b/SPECS/linux-system-roles.spec
@ -30,8 +30,8 @@ Name: linux-system-roles
 %endif
 Url: https://github.com/linux-system-roles
 Summary: Set of interfaces for unified system management
-Version: 1.16.2
-Release: 1%{?dist}.3
+Version: 1.20.1
+Release: 1%{?dist}

 #Group: Development/Libraries
 License: GPLv3+ and MIT and BSD and Python
@ -127,85 +127,85 @@ BuildRequires: %{ansible_build_dep}

 #%%defcommit 1 14314822b529520ac12964e0d2938c4bb18ab895
 %global rolename1 postfix
-%deftag 1 1.2.0
+%deftag 1 1.2.4

 #%%defcommit 2 9fe6eb36772e83b53dcfb8ceb73608fd4f72eeda
 %global rolename2 selinux
-%deftag 2 1.3.4
+%deftag 2 1.4.0

 #%%defcommit 3 cbe4bf262bffae3bf53e531662237741954c4182
 %global rolename3 timesync
-%deftag 3 1.6.6
+%deftag 3 1.6.9

 #%%defcommit 4 02fc72b482e165472624b2f68eecd2ddce1d93b1
 %global rolename4 kdump
-%deftag 4 1.2.2
+%deftag 4 1.2.5

-#%%defcommit 5 61423ed36fc6da6dbe8321912e896c59a2d8e2f6
+#%%defcommit 5 a74092634adfe45f76cf761138abab1811692b4b
 %global rolename5 network
-%deftag 5 1.7.1
+%deftag 5 1.9.1

 #%%defcommit 6 50d2b8ccc98a8f4cb9d1d550d21adc227181e9fa
 %global rolename6 storage
-%deftag 6 1.7.0
+%deftag 6 1.9.1

 #%%defcommit 7 d57caa8ca506d8cbc7ca0f96f7cb62b7e965f163
 %global rolename7 metrics
-%deftag 7 1.5.1
+%deftag 7 1.7.3

 #%%defcommit 8 2b9e53233ee3a68bdb532e62f289733e436a6106
 %global rolename8 tlog
-%deftag 8 1.2.6
+%deftag 8 1.2.9

 #%%defcommit 9 9373303b98e09ef38df7afc8d06e5e55812096c7
 %global rolename9 kernel_settings
-%deftag 9 1.1.6
+%deftag 9 1.1.10

 #%%defcommit 10 20dd3e5520ca06dcccaa9b3f1fb428d055e0c23f
 %global rolename10 logging
-%deftag 10 1.8.1
+%deftag 10 1.10.0

 #%%defcommit 11 c57d0b1f3384c525738fa26ba4bdca485e162567
 %global rolename11 nbde_server
-%deftag 11 1.1.2
+%deftag 11 1.1.5

 #%%defcommit 12 bef2fad5e365712d1f40e53662490ba2550a253f
 %global rolename12 nbde_client
-%deftag 12 1.2.2
+%deftag 12 1.2.6

 #%%defcommit 13 310fc53db04e8d3134524afb7a89b0477a2ffb83
 %global rolename13 certificate
-%deftag 13 1.1.3
+%deftag 13 1.1.6

 #%%defcommit 14 b2a9857ac661fa32e66666e444b73bfdb34cdf95
 %global rolename14 crypto_policies
-%deftag 14 1.2.3
+%deftag 14 1.2.6

 %global forgeorg15 https://github.com/willshersystems
 %global repo15 ansible-sshd
 %global rolename15 sshd
-%defcommit 15 214df35c0bee77b5d69f49c2da269251d451b28f
-#%%deftag 15 v0.14.1
+%defcommit 15 9766d9097a87a130d4c8abde2247aaad5c925ecf
+#%%deftag 15 v0.15.1

 #%%defcommit 16 59b9fd7b25607d8bd33bdb082748955f2652846a
 %global rolename16 ssh
-%deftag 16 1.1.4
+%deftag 16 1.1.9

 #%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d
 %global rolename17 ha_cluster
-%deftag 17 1.4.1
+%deftag 17 1.7.4

 #%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3
 %global rolename18 vpn
-%deftag 18 1.3.2
+%deftag 18 1.3.5

 %global rolename19 firewall
-%deftag 19 1.1.0
+%deftag 19 1.4.0

 %global rolename20 cockpit
-%deftag 20 1.2.1
+%deftag 20 1.3.0

-%global mainid 5e7bb389fc5e93184871b3907e75ba896874dc21
+%global mainid c22eff88d40972158cd5c413b7468b4e904cc76c
 Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
 Source1: %{archiveurl1}
 Source2: %{archiveurl2}
@ -230,11 +230,18 @@ Source20: %{archiveurl20}

 # Collection tarballs from Automation Hub
 # Not used on Fedora.
-Source801: ansible-posix-1.3.0.tar.gz
+Source801: ansible-posix-1.4.0.tar.gz

 # Collection tarballs from Galaxy
 # Not used on Fedora.
-Source901: community-general-4.6.0.tar.gz
+Source901: community-general-5.4.0.tar.gz
+
+# changelog is auto generated on Fedora
+Source996: CHANGELOG.md
+
+# Script to convert spec %changelog into collection CHANGELOG.md
+# only used on Fedora
+Source997: spec-to-changelog-md.sh

 # Script to convert the collection README to Automation Hub.
 # Not used on Fedora.
@ -242,10 +249,9 @@ Source998: collection_readme.sh

 Patch51: network-disable-bondtests.diff

-Patch61: Bug-2098224-storage-role-cannot-set-mount_options-for-volumes.patch
-Patch62: Bug-2098223-storage-role-raid_level-striped-is-not-supported.patch
+Patch1501: 0001-sshd-Add-final-version-of-RequiredRSASize.patch

-Patch1501: ansible-sshd.patch
+Patch1601: 0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch

 BuildArch: noarch

@ -338,14 +344,12 @@ cd ../..
 cd %{rolename5}
 %patch51 -p1
 cd ..
-cd %{rolename6}
-%patch61 -p1
-%patch62 -p1
-cd ..
 cd %{rolename15}
-%patch1501 -p1
-sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" tests/*.yml examples/*.yml
-sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml examples/*.yml README.md
+find -P tests examples -name \*.yml | while read file; do
+  sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" \
+     -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" "$file"
+done
+sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md
 sed -r -i -e "s/min_ansible_version: 2.8/min_ansible_version: 2.9/" meta/main.yml
 cd ..

@ -362,6 +366,14 @@ if [ "$rolesdir" != "$realrolesdir" ]; then
 fi
 cd ..

+cd %{rolename15}
+%patch1501 -p1
+cd ..
+
+cd %{rolename16}
+%patch1601 -p1
+cd ..
+
 %if 0%{?rhel}
 # Unpack tar.gz to retrieve to be vendored modules and place them in the roles library.
 # ansible.posix:
@ -401,7 +413,15 @@ for module in "${!module_map[@]}"; do
  if [ ! -d $role/library ]; then
    mkdir $role/library
  fi
-  cp -pL .external/community/general/plugins/modules/$module $role/library/$module
+  # version 5.x seems to be broken?
+  moduledir=.external/community/general/plugins/modules
+  if [ ! -f $moduledir/$module ]; then
+    moduledir=.external/community/general/plugins/modules/system
+  fi
+  if [ ! -f $moduledir/$module ]; then
+    moduledir=.external/community/general/plugins/modules/files
+  fi
+  cp -pL $moduledir/$module $role/library/$module
  ls -alrtF $role/library/$module
  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
 done
@ -474,7 +494,7 @@ for role in %{rolenames}; do
    includes="$includes --include $role"
 %if 0%{?rhel}
    # we vendor-in all of the dependencies on rhel, so remove them
-    rm -f "$role/meta/requirements.yml"
+    rm -f "$role/meta/requirements.yml" "$role/meta/collection-requirements.yml"
 %endif
 done

@ -496,6 +516,15 @@ for role in %{rolenames}; do
    .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/$role/README.md
 done

+%if 0%{?rhel}
+cp %{SOURCE996} \
+    .collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md
+%else
+# Build the collection CHANGELOG.md
+%{SOURCE997} %{_specdir}/%{name}.spec \
+    .collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md
+%endif
+
 %install
 mkdir -p $RPM_BUILD_ROOT%{installbase}
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/ansible/roles
@ -514,6 +543,8 @@ mkdir -p $RPM_BUILD_ROOT%{_pkglicensedir}
 rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}network/examples/roles
 for role in %{rolenames}; do
    mkdir -p "$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
+    cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/CHANGELOG.md" \
+       "$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
    cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.md" \
       "$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
 %if %{with html}
@ -573,12 +604,16 @@ cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \
   $RPM_BUILD_ROOT%{_pkgdocdir}/collection

 for rolename in %{rolenames}; do
-  if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/README.md ]; then
+  for file in CHANGELOG.md README.md; do
+    if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then
+      if [ ! -d $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} ]; then
        mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename}
-    cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/README.md \
+      fi
+      cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file \
        $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename}
    fi
  done
+done

 %if %{with html}
 # converting README.md to README.html for collection in $RPM_BUILD_ROOT%{_pkgdocdir}/collection
@ -617,7 +652,7 @@ format_item_for_files() {
        else
            echo "$files_item"
        fi
-    elif [[ "$item" == */README.md ]] || [[ "$item" == */README.html ]]; then
+    elif [[ "$item" == */README.md ]] || [[ "$item" == */README.html ]] || [[ "$item" == */CHANGELOG.md ]]; then
        if [[ "$item" == */private_* ]]; then
            # mark as regular file, not %doc
            echo "$files_item"
@ -687,11 +722,13 @@ fi


 %files -f files_section.txt
+%{_pkgdocdir}/*/CHANGELOG.md
 %{_pkgdocdir}/*/README.md
 %if %{with html}
 %{_pkgdocdir}/*/README.html
 %endif
 %{_pkgdocdir}/*/example-*
+%{_pkgdocdir}/collection/roles/*/CHANGELOG.md
 %{_pkgdocdir}/collection/roles/*/README.md
 %if %{with html}
 %{_pkgdocdir}/collection/roles/*/README.html
@ -720,27 +757,204 @@ fi
 %endif

 %changelog
-* Fri Jun 17 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.2-1.3
- storage role cannot set mount_options for volumes
-  Resolves: rhbz#2098224
+* Tue Sep 27 2022 Rich Megginson <rmeggins@redhat.com> - 1.20.1-1
+- Resolves:rhbz#2129873 : ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles
+
+* Thu Aug 04 2022 Rich Megginson <rmeggins@redhat.com> - 1.20.0-1
+- ensure CHANGELOG.md files are marked as doc
+- Resolves:rhbz#2115152 : cockpit - Add customization of port
+- Resolves:rhbz#2100942 : firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
+- Resolves:rhbz#2115154 : firewall - support for firewall_config - gather firewall facts
+- Resolves:rhbz#2112145 : logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
+- Resolves:rhbz#2115886 : network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
+- Resolves:rhbz#2115157 : selinux - Added setting of seuser and selevel for completeness
+- Resolves:rhbz#2115156 : nbde_client - Sets proper spacing for parameter rd.neednet=1
+- Resolves:rhbz#2109998 : ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
+- Resolves:rhbz#2082736 : storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
+
+* Fri Jul 01 2022 Rich Megginson <rmeggins@redhat.com> - 1.19.3-1
+- min_ansible_version is string instead of float
+
+- fix storage test failures
+
+- support for ansible-core 2.13
+
+- crypto_policies - rhel 8.7 default policy is FUTURE not DEFAULT
+  Resolves: rhbz#2100251
+
+- firewall - forward_port should accept list of string or list of dict
+  Resolves: rhbz#2100605
+
+- firewall - support add/modify/delete services
+  Resolves: rhbz#2100292
+
+- metrics - document minimum supported redis version required by rhel-system-roles
+  Resolves: rhbz#2100286
+
+- metrics - restart pmie, pmlogger if changed, do not wait for handler
+  Resolves: rhbz#2100294
+
+- network - Support managing the network through nmstate schema
+  Resolves: rhbz#2072385
+
+- storage - _storage_test_pool_pvs get wrong data type in  test-verify-pool-members.yml
+  Resolves: rhbz#2044119
+
+- storage - support for adding/removing disks to/from storage pools
+  Resolves: rhbz#2072742
+
+- storage - support for attaching cache volumes to existing volumes
+  Resolves: rhbz#2072746
+
+* Wed Jun 15 2022 Rich Megginson <rmeggins@redhat.com> - 1.19.2-1
+- sshd - fix ansible 2.9 support in meta/main.yml
+  Resolves: rhbz#2052086 (9.1.0)
+
+* Mon Jun 13 2022 Rich Megginson <rmeggins@redhat.com> - 1.19.1-1
+- storage - fix coverity scan issue in blivet.py
+  Resolves: rhbz#2072745 (9.1.0)
+
+- logging - fix gather_facts/set_vars issue
+  Resolves: rhbz#2078989 (9.1.0)
+
+- ha_cluster - Move tasks that set up CI environment to roles tasks/ dir
+  Resolves: rhbz#2093438 (9.1.0)
+
+- sshd - fix tests issue with rhel9 hosts
+
+* Mon Jun 06 2022 Rich Megginson <rmeggins@redhat.com> - 1.19.0-1
+- storage - support for creating and managing LVM thin pools/LVs
+  Resolves: rhbz#2072745 (9.1.0)
+
+- firewall - Update Ansible syntax in Firewall system role README.md file examples
+  Resolves: rhbz#2094096 (9.1.0)
+
 - storage role raid_level "striped" is not supported
-  Resolves: rhbz#2098223
+  Resolves: rhbz#2083410 (9.1.0)
+
+- network: the controller device is not completely cleaned up in the bond tests.
+  Resolves: rhbz#2089872 (9.1.0)
+
+- firewall - state no longer required for masquerade and ICMP block inversion
+  Resolves: rhbz#2093423 (9.1.0)
+
+- ha_cluster - Move tasks that set up CI environment to roles tasks/ dir
+  Resolves: rhbz#2093438 (9.1.0)
+
+* Mon May 02 2022 Rich Megginson <rmeggins@redhat.com> - 1.18.0-1
+- firewall - [Improvement] Allow System Role to reset to default Firewalld Settings
+  Resolves: rhbz#2043010 (9.1.0)
+
+- metrics - [RFE] add an option to the metrics role to enable postfix metric collection
+  Resolves: rhbz#2051737 (9.1.0)
+
+- network - Rework the infiniband support
+  Resolves: rhbz#2086965 (9.1.0)
+
+- sshd - recurse into tests and examples sub-directories when replacing string in files
+  the sshd role latest version added sub-directories under tests that need
+  role name replacement - so just use find
+
+- sshd - sshd system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
+  Resolves: rhbz#2052081 (9.1.0)
+
+- sshd - sshd system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9
+  Resolves: rhbz#2052086 (9.1.0)
+
+- storage - storage role cannot set mount_options for volumes
+  Resolves: rhbz#2083376 (9.1.0)
+
+* Mon Apr 25 2022 Rich Megginson <rmeggins@redhat.com> - 1.17.0-1
+- All roles should support running with gather_facts: false
+  Resolves: rhbz#2078989 (9.1.0)
+
+- firewall - Firewall system role Ansible deprecation warning related to "include"
+  Resolves: rhbz#2061511 (9.1.0)
+
+- ha_cluster - ha_cluster - support advanced corosync configuration
+  Resolves: rhbz#2065337 (9.1.0)
+
+- ha_cluster - ha_cluster - support SBD fencing
+  Resolves: rhbz#2079626 (9.1.0)
+
+- ha_cluster - ha_cluster - add support for configuring bundle resources
+  Resolves: rhbz#2073519 (9.1.0)
+
+- kernel_settings - kernel_settings error configobj not found on RHEL 8.6 managed hosts
+  Resolves: rhbz#2060525 (9.1.0)
+
+- logging - logging tests fail during cleanup if no cloud-init on system
+  Resolves: rhbz#2058799 (9.1.0)
+
+- logging - Logging - RFE - support template, severity and facility options
+  Resolves: rhbz#2075119 (9.1.0)
+
+- metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
+  Resolves: rhbz#2060523 (9.1.0)
+
+- metrics - metrics - consistently use ansible_managed in configuration files managed by role
+  Resolves: rhbz#2065392 (9.1.0)
+
+- metrics - [RFE] add an option to the metrics role to enable postfix metric collection
+  Resolves: rhbz#2051737 (9.1.0)
+
+- nbde_client - NBDE client system role does not support servers with static IP addresses
+  Resolves: rhbz#2070462 (9.1.0)
+
+- network - [RFE] Extend rhel-system-roles.network feature set to support routing rules
+  Resolves: rhbz#2079622 (9.1.0)
+
+- network - bond: fix typo in supporting the infiniband ports in active-backup mode
+  Resolves: rhbz#2065394 (9.1.0)
+
+- network - pytest failed when running with nm providers in the rhel-8.5 beaker machine
+  Resolves: rhbz#2066911 (9.1.0)
+
+- network - network - consistently use ansible_managed in configuration files managed by role
+  Resolves: rhbz#2065382 (9.1.0)
+
+- postfix - postfix - consistently use ansible_managed in configuration files managed by role
+  Resolves: rhbz#2065393 (9.1.0)
+
+- postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default
+  Resolves: rhbz#2065383 (9.1.0)

-* Thu Apr 21 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.2-1.2
 - sshd - FIPS mode detection in SSHD role is wrong
-  Resolves rhbz#2077475 (EL9)
+  Resolves: rhbz#2073605 (9.1.0)

-* Wed Apr 20 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.2-1.1
- Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
-  Resolves rhbz#2075545 (EL9)
+- storage - RFE storage Less verbosity by default
+  Resolves: rhbz#2079627 (9.1.0)

-* Tue Mar 29 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.2-1
+- timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml
+  Resolves: rhbz#2060524 (9.1.0)
+
+- tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
+  Resolves: rhbz#2071804 (9.1.0)
+
+* Thu Apr 07 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.3-1
+- tlog - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
+  Resolves rhbz#2072749 (EL8)
+  Resolves rhbz#2071804 (EL9)
+
+* Wed Apr 06 2022 Sergei Petrosian <spetrosi@redhat.com> - 1.16.2-2
+- Update community.general
+
+* Thu Mar 31 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.2-1
+- nbde_client - NBDE client system role does not support servers with static IP addresses
+  previous fix did not handle some other cases
+  Resolves rhbz#1985022 (EL8)
+  Resolves rhbz#2031555 (EL9)
+
+* Tue Mar 29 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.1-1
 - nbde_client - NBDE client system role does not support servers with static IP addresses
  previous fix did not handle some cases
  Resolves rhbz#1985022 (EL8)
  Resolves rhbz#2031555 (EL9)

-* Fri Mar 18 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.1-1
+* Tue Mar 22 2022 Sergei Petrosian <spetrosi@redhat.com> - 1.16.0-2
+- Update community.general
+
+* Tue Mar 15 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.0-1
 - network - pytest failed when running with nm providers in the rhel-8.5 beaker machine
  Resolves rhbz#2064396 (EL8)
  Resolves rhbz#2064401 (EL9)
@ -750,8 +964,6 @@ fi
 - network - consistently use ansible_managed in configuration files managed by role
  Resolves rhbz#2057656 (EL8)
  Resolves rhbz#2057657 (EL9)
-
-* Tue Mar 15 2022 Rich Megginson <rmeggins@redhat.com> - 1.16.0-1
 - metrics - consistently use ansible_managed in configuration files managed by role
  Resolves rhbz#2057645 (EL8)
  Resolves rhbz#2057647 (EL9)