rpms/rhel-system-roles
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import rhel-system-roles-1.0.1-1.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-05-18 02:57:55 -04:00 committed by Andrew Lukoshko
parent 39fa5bdecd
commit 9846ca6957
37 changed files with 6570 additions and 2107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.gitignore vendored
View File

@ -1,13 +1,18 @@
SOURCES/certificate-fedef6e.tar.gz
SOURCES/kdump-0c2bb28.tar.gz
SOURCES/kernel_settings-901a73a.tar.gz
SOURCES/logging-fe3f658.tar.gz
SOURCES/metrics-7f94b49.tar.gz
SOURCES/nbde_client-6306def.tar.gz
SOURCES/nbde_server-4b6cfca.tar.gz
SOURCES/network-bf4501b.tar.gz
SOURCES/ansible-sshd-e1de59b3c54e9d48a010eeca73755df339c7e628.tar.gz
SOURCES/auto-maintenance-8f069305caa0a142c2c6ac14bd4d331282a1c079.tar.gz
SOURCES/certificate-0376ceece57882ade8ffaf431b7866aae3e7fed1.tar.gz
SOURCES/crypto_policies-2e2941c5545571fc8bc494099bdf970f498b9d38.tar.gz
SOURCES/ha_cluster-779bb78559de58bb5a1f25a4b92039c373ef59a4.tar.gz
SOURCES/kdump-77596fdd976c6160d6152c200a5432c609725a14.tar.gz
SOURCES/kernel_settings-4c81fd1380712ab0641b6837f092dd9caeeae0a6.tar.gz
SOURCES/logging-07e08107e7ccba5822f8a7aaec1a2ff0a221bede.tar.gz
SOURCES/metrics-e81b2650108727f38b1c856699aad26af0f44a46.tar.gz
SOURCES/nbde_client-19f06159582550c8463f7d8492669e26fbdf760b.tar.gz
SOURCES/nbde_server-4dfc5e2aca74cb82f2a50eec7e975a2b78ad9678.tar.gz
SOURCES/network-bda206d45c87ee8c1a5284de84f5acf5e629de97.tar.gz
SOURCES/postfix-0.1.tar.gz
SOURCES/selinux-6cd1ec8.tar.gz
SOURCES/storage-81f30ab.tar.gz
SOURCES/timesync-924650d.tar.gz
SOURCES/tlog-cfa70b6.tar.gz
SOURCES/selinux-1.1.1.tar.gz
SOURCES/ssh-21adc637511db86b5ba279a70a7301ef3a170669.tar.gz
SOURCES/storage-485de47b0dc0787aea077ba448ecb954f53e40c4.tar.gz
SOURCES/timesync-924650d0cd4117f73a7f0413ab745a8632bc5cec.tar.gz
SOURCES/tlog-1.1.0.tar.gz

29
.rhel-system-roles.metadata
View File

@ -1,13 +1,18 @@
5aa98ec9e109c5ebfae327718e5cad1d3c837e4f SOURCES/certificate-fedef6e.tar.gz
36b200d1c6a8d1cb1ea87e3e9aa8c4f6bbd8155d SOURCES/kdump-0c2bb28.tar.gz
263a6bbe7b25fbbc13c60b6b30861b63ec2648cd SOURCES/kernel_settings-901a73a.tar.gz
9f365ee569d0d6e542983842ffd7c81c82e2c3ca SOURCES/logging-fe3f658.tar.gz
3c25f49356e9325ba694d14ece036c8ea3aa16f6 SOURCES/metrics-7f94b49.tar.gz
435fed277e03b6c409ebbfa421c15f97ba15e8c8 SOURCES/nbde_client-6306def.tar.gz
e936390ddc7440e25190d6ff98cf5e5b3bf1fc3b SOURCES/nbde_server-4b6cfca.tar.gz
d1e3e5cd724e7a61a9b3f4eb2bf669d6ed6f9cde SOURCES/network-bf4501b.tar.gz
77e952b62e634c69e36115845b4f24ee3bfe76b7 SOURCES/ansible-sshd-e1de59b3c54e9d48a010eeca73755df339c7e628.tar.gz
31d33f92384e423baebb073d3a6e3d271cbef5a5 SOURCES/auto-maintenance-8f069305caa0a142c2c6ac14bd4d331282a1c079.tar.gz
7017c00e2ceede1f6019ba17a56e0145e6012013 SOURCES/certificate-0376ceece57882ade8ffaf431b7866aae3e7fed1.tar.gz
469a1a39a19d346c10bf07071a7af52832885047 SOURCES/crypto_policies-2e2941c5545571fc8bc494099bdf970f498b9d38.tar.gz
838ed06d8d092271fff04bd5e7c16db4661e8567 SOURCES/ha_cluster-779bb78559de58bb5a1f25a4b92039c373ef59a4.tar.gz
fa3d5daf6cf1ceeaa87f58c16e11153cf250e2fa SOURCES/kdump-77596fdd976c6160d6152c200a5432c609725a14.tar.gz
471863c062a32a37a18c0ee1b7f0c50387baec99 SOURCES/kernel_settings-4c81fd1380712ab0641b6837f092dd9caeeae0a6.tar.gz
60efc730800600f87e386e16730980ea08417d34 SOURCES/logging-07e08107e7ccba5822f8a7aaec1a2ff0a221bede.tar.gz
821d8ebef2d30a41f0fa65bdc5e550f09b375370 SOURCES/metrics-e81b2650108727f38b1c856699aad26af0f44a46.tar.gz
66b84d088e2c3989f00b3151cc7fdc40f768f9a5 SOURCES/nbde_client-19f06159582550c8463f7d8492669e26fbdf760b.tar.gz
0e4e133b75e245d17c0c5a1097ab95f047ae6f65 SOURCES/nbde_server-4dfc5e2aca74cb82f2a50eec7e975a2b78ad9678.tar.gz
c2d1aaca43cbe787ee7b1e41e875a76b8f95831d SOURCES/network-bda206d45c87ee8c1a5284de84f5acf5e629de97.tar.gz
66c82331f4ac9598c506c3999965b4d07dbfe49d SOURCES/postfix-0.1.tar.gz
246383bd6823533ed3a51a0501b75e38ba852908 SOURCES/selinux-6cd1ec8.tar.gz
d1ba125b693ac5b8705e79d92b13f24c01c51a86 SOURCES/storage-81f30ab.tar.gz
ffd2a706e4e3007684aa9874c8457ad5c8920050 SOURCES/timesync-924650d.tar.gz
66538d3279cb5972f73a70960a4407d2abe56883 SOURCES/tlog-cfa70b6.tar.gz
f2ad38bd93487962de511b1f4bc9dc6607a5ab36 SOURCES/selinux-1.1.1.tar.gz
aef51c665e61166e091440862cfa4e6a8fe3c29d SOURCES/ssh-21adc637511db86b5ba279a70a7301ef3a170669.tar.gz
8b7d7c14e76aa1a872f22d5cd6d3c9a850868ed3 SOURCES/storage-485de47b0dc0787aea077ba448ecb954f53e40c4.tar.gz
ffd2a706e4e3007684aa9874c8457ad5c8920050 SOURCES/timesync-924650d0cd4117f73a7f0413ab745a8632bc5cec.tar.gz
486d7b845348755e7f189afd95f32bbe97c74661 SOURCES/tlog-1.1.0.tar.gz

14
SOURCES/collection_readme.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
set -euxo pipefail
readme_md=${1:-"lsr_role2collection/collection_readme.md"}
sed -i -e '/## Currently supported distributions/{:1;/## Dependencies/!{N;b 1};s|.*|## Dependencies|}' \
-e 's/Linux/Red Hat Enterprise Linux/g' \
-e 's/Ansible Galaxy/Automation Hub/g' \
-e 's/fedora\(.\)linux_system_roles/redhat\1rhel_system_roles/g' \
-e 's/linux-system-roles/rhel-system-roles/g' \
-e '/## Documentation/{:a;/## Support/!{N;b a};s|.*|## Documentation\nThe official RHEL System Roles documentation can be found in the [Product Documentation section of the Red Hat Customer Portal](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/administration_and_configuration_tasks_using_system_roles_in_rhel/index).\n\n## Support|}' \
-e 's/ $//' \
$readme_md

28
SOURCES/kdump-fix-newline.diff Normal file
View File

@ -0,0 +1,28 @@
commit cafd95d0b03360d12e86170eb10fc1fc3dcade06
Author: Pavel Cahyna <pcahyna@redhat.com>
Date: Thu Jan 14 11:42:48 2021 +0100
Get rid of the extra final newline in string
Use the `-` chomping indicator to indicate that the trailing newline is
not intended as a part of the string.
https://yaml.org/spec/1.1/#chomping/
The trailing newline was causing an actual problem in the test.
Also use the `>` folded style, which is more appropriate here than the
`|` literal style.
diff --git a/tests/tests_ssh.yml b/tests/tests_ssh.yml
index 6d3699c..d3503f7 100644
--- a/tests/tests_ssh.yml
+++ b/tests/tests_ssh.yml
@@ -27,7 +27,7 @@
- include_role:
name: linux-system-roles.kdump
vars:
- kdump_ssh_user: |
+ kdump_ssh_user: >-
{{ hostvars[kdump_ssh_server_outside]['ansible_user_id'] }}
# This is the outside address. Ansible will connect to it to
# copy the ssh key.

18
SOURCES/kdump-tier1-tags.diff
View File

@ -45,13 +45,13 @@ index 0000000..2035dfc
+ with_items: "{{ restore_services }}"
+ tags: tests::cleanup
diff --git a/tests/tests_default.yml b/tests/tests_default.yml
index 4c93830..9e7743a 100644
index af0b2a0..6ce5241 100644
--- a/tests/tests_default.yml
+++ b/tests/tests_default.yml
@@ -4,3 +4,13 @@
@@ -3,3 +3,13 @@
roles:
- kdump
- linux-system-roles.kdump
+
+ pre_tasks:
+ - name: Import tasks
@ -63,7 +63,7 @@ index 4c93830..9e7743a 100644
+# tags: tests::tier1::cleanup
+ import_tasks: restore_services_state.yml
diff --git a/tests/tests_default_wrapper.yml b/tests/tests_default_wrapper.yml
index 2763fbd..95b3886 100644
index eba31a0..857aab8 100644
--- a/tests/tests_default_wrapper.yml
+++ b/tests/tests_default_wrapper.yml
@@ -1,6 +1,9 @@
@ -92,12 +92,12 @@ index 2763fbd..95b3886 100644
+ - 'tests::slow'
tasks:
- name: Run ansible-playbook with tests_default.yml in check mode
command: ansible-playbook -vvv -i {{ tempinventory.path }} --check tests_default.yml
command: >
diff --git a/tests/tests_ssh.yml b/tests/tests_ssh.yml
index 14a59d9..23bc7eb 100644
index d12e884..6d3699c 100644
--- a/tests/tests_ssh.yml
+++ b/tests/tests_ssh.yml
@@ -11,6 +11,13 @@
@@ -10,6 +10,13 @@
# this is the address at which the ssh dump server can be reached
# from the managed host. Dumps will be uploaded there.
kdump_ssh_server_inside: "{{ kdump_ssh_source if kdump_ssh_source in hostvars[kdump_ssh_server_outside]['ansible_all_ipv4_addresses'] + hostvars[kdump_ssh_server_outside]['ansible_all_ipv6_addresses'] else hostvars[kdump_ssh_server_outside]['ansible_default_ipv4']['address'] }}"
@ -112,7 +112,7 @@ index 14a59d9..23bc7eb 100644
tasks:
- name: gather facts from {{ kdump_ssh_server_outside }}
diff --git a/tests/tests_ssh_wrapper.yml b/tests/tests_ssh_wrapper.yml
index 9a8ecfd..1a6db73 100644
index 2203f3f..96a764e 100644
--- a/tests/tests_ssh_wrapper.yml
+++ b/tests/tests_ssh_wrapper.yml
@@ -1,6 +1,8 @@
@ -139,4 +139,4 @@ index 9a8ecfd..1a6db73 100644
+ - 'tests::multihost_localhost'
tasks:
- name: Run ansible-playbook with tests_ssh.yml in check mode
command: ansible-playbook -vvv -i {{ tempinventory.path }} --check tests_ssh.yml
command: |

136
SOURCES/logging-0001-test-playbooks-enhancement.diff
View File

@ -1,136 +0,0 @@
From 90952a1bb7ddbba45ed8cbd62e6a8e0edb6f6148 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 25 Aug 2020 09:05:03 -0700
Subject: [PATCH 1/7] Test playbooks enhancement
In the code to check the log message is successfully logged or not
in the /var/log/messages file, adding "until: __result is success"
and waiting up to 5 seconds.
---
tests/tests_basics_files.yml | 4 ++++
tests/tests_basics_files2.yml | 4 ++++
tests/tests_basics_files_forwards.yml | 4 ++++
tests/tests_basics_files_log_dir.yml | 4 ++++
tests/tests_basics_forwards_implicit_files.yml | 4 ++++
tests/tests_combination.yml | 4 ++++
tests/tests_combination2.yml | 4 ++++
tests/tests_imuxsock_files.yml | 4 ++++
8 files changed, 32 insertions(+)
diff --git a/tests/tests_basics_files.yml b/tests/tests_basics_files.yml
index 080890f..87950d8 100644
--- a/tests/tests_basics_files.yml
+++ b/tests/tests_basics_files.yml
@@ -74,4 +74,8 @@
- name: Check the test log message in {{ __default_system_log }}
command: /bin/grep testMessage0000 {{ __default_system_log }}
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
diff --git a/tests/tests_basics_files2.yml b/tests/tests_basics_files2.yml
index ae61be2..094b125 100644
--- a/tests/tests_basics_files2.yml
+++ b/tests/tests_basics_files2.yml
@@ -99,4 +99,8 @@
- name: Check the test log message in {{ __default_system_log }}
command: /bin/grep testMessage0000 "{{ __default_system_log }}"
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
diff --git a/tests/tests_basics_files_forwards.yml b/tests/tests_basics_files_forwards.yml
index f43b8eb..d08a207 100644
--- a/tests/tests_basics_files_forwards.yml
+++ b/tests/tests_basics_files_forwards.yml
@@ -105,6 +105,10 @@
- name: Check the test log message in {{ __default_system_log }}
command: /bin/grep testMessage0000 '{{ __default_system_log }}'
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
- name: Check if the forwarding config exists
diff --git a/tests/tests_basics_files_log_dir.yml b/tests/tests_basics_files_log_dir.yml
index ca900b8..f5ca266 100644
--- a/tests/tests_basics_files_log_dir.yml
+++ b/tests/tests_basics_files_log_dir.yml
@@ -78,6 +78,10 @@
- name: Check the files output config that the path is {{ logging_system_log_dir }}/messages
command: /bin/grep '\*.info;mail.none;authpriv.none;cron.none.*{{ logging_system_log_dir }}/messages' {{ __test_files_conf }}
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
- name: Check the test log message in {{ logging_system_log_dir }}/messages
diff --git a/tests/tests_basics_forwards_implicit_files.yml b/tests/tests_basics_forwards_implicit_files.yml
index 6744d53..1d23911 100644
--- a/tests/tests_basics_forwards_implicit_files.yml
+++ b/tests/tests_basics_forwards_implicit_files.yml
@@ -92,6 +92,10 @@
- name: Check if the test message is in {{ __default_system_log }}
command: /bin/grep testMessage0000 '{{ __default_system_log }}'
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
- name: Get the forwarding config stat
diff --git a/tests/tests_combination.yml b/tests/tests_combination.yml
index 99d57dc..8aae855 100644
--- a/tests/tests_combination.yml
+++ b/tests/tests_combination.yml
@@ -129,6 +129,10 @@
- name: Check the test log message in {{ __default_system_log }}
command: /bin/grep testMessage0000 '{{ __default_system_log }}'
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
- name: Generated a file to check severity_and_facility
diff --git a/tests/tests_combination2.yml b/tests/tests_combination2.yml
index 5d49a57..5fe43cb 100644
--- a/tests/tests_combination2.yml
+++ b/tests/tests_combination2.yml
@@ -138,6 +138,10 @@
- name: Check the test log message in {{ __default_system_log }}
command: /bin/grep testMessage0000 '{{ __default_system_log }}'
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
- name: Check the forwarding config stat
diff --git a/tests/tests_imuxsock_files.yml b/tests/tests_imuxsock_files.yml
index 2d6840d..35db253 100644
--- a/tests/tests_imuxsock_files.yml
+++ b/tests/tests_imuxsock_files.yml
@@ -76,4 +76,8 @@
- name: Check the test log message in {{ __default_system_log }}
command: /bin/grep testMessage0000 "{{ __default_system_log }}"
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
changed_when: false
--
2.26.2

81
SOURCES/logging-0002-elasticsearch-output-template.diff
View File

@ -1,81 +0,0 @@
From e7f255a64a1ffe83b06e93c944c73b8079f1db3a Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Thu, 10 Sep 2020 17:15:32 -0700
Subject: [PATCH 2/7] Fixing a logic bug in elasticsearch output template.
When evaluated, the retryfailures value was denied by "not", which
should not have been. Removing the "not" and adding a test case to
tests_files_elasticsearch_use_local_cert.yml.
(cherry picked from commit 108f06926f7bec929fdfc24ce2fbcfe195078ae2)
---
roles/rsyslog/templates/output_elasticsearch.j2 | 2 +-
.../tests_files_elasticsearch_use_local_cert.yml | 16 +++++++++++++---
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/roles/rsyslog/templates/output_elasticsearch.j2 b/roles/rsyslog/templates/output_elasticsearch.j2
index c3cd1df..c4db10f 100644
--- a/roles/rsyslog/templates/output_elasticsearch.j2
+++ b/roles/rsyslog/templates/output_elasticsearch.j2
@@ -44,7 +44,7 @@ ruleset(name="{{ item.name }}") {
bulkid="{{ item.bulkid | d("id_template") }}"
dynbulkid="{{ item.dynbulkid | d('on') }}"
allowUnsignedCerts="{{ item.allowUnsignedCerts | d("off") }}"
-{% if not item.retryfailures | d(true) %}
+{% if item.retryfailures | d(true) %}
{% if item.retryruleset | d() | length > 0 %}
retryfailures="on"
retryruleset="{{ item.retryruleset }}"
diff --git a/tests/tests_files_elasticsearch_use_local_cert.yml b/tests/tests_files_elasticsearch_use_local_cert.yml
index 2559ce7..8b1eaa4 100644
--- a/tests/tests_files_elasticsearch_use_local_cert.yml
+++ b/tests/tests_files_elasticsearch_use_local_cert.yml
@@ -44,6 +44,7 @@
__test_ca_cert: /tmp/es-ca.crt
__test_cert: /tmp/es-cert.pem
__test_key: /tmp/es-key.pem
+ __test_el: elasticsearch_output
tasks:
- name: Generate fake key/certs files.
@@ -60,13 +61,13 @@
- name: deploy config to send to elasticsearch
vars:
logging_outputs:
- - name: elasticsearch_output
+ - name: "{{ __test_el }}"
type: elasticsearch
server_host: logging-es
server_port: 9200
index_prefix: project.
input_type: ovirt
- retryfailures: false
+ retryfailures: on
ca_cert_src: "{{ __test_ca_cert }}"
cert_src: "{{ __test_cert }}"
private_key_src: "{{ __test_key }}"
@@ -77,7 +78,7 @@
logging_flows:
- name: flow_0
inputs: [files_input]
- outputs: [elasticsearch_output, elasticsearch_output_ops]
+ outputs: "[{{ __test_el }}]"
include_role:
name: linux-system-roles.logging
@@ -119,3 +120,12 @@
- mycert: "{{ __test_cert }}"
- myprivkey: "{{ __test_key }}"
changed_when: false
+
+ - name: Check retryfailures in {{ __test_outputfiles_conf }}
+ command: /bin/grep 'retryfailures="on"' {{ __test_outputfiles_conf }}
+ changed_when: false
+
+ - name: Check retryruleset in {{ __test_outputfiles_conf }}
+ command: /bin/grep 'retryruleset="{{ __test_el }}"' {{ __test_outputfiles_conf }}
+ changed_when: false
+
--
2.26.2

55
SOURCES/logging-0003-README.diff
View File

@ -1,55 +0,0 @@
From 76b4418f937fd1dbaa1061fa5f83f11ea046dc40 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Thu, 10 Sep 2020 16:35:43 -0700
Subject: [PATCH 3/7] Adding "Port and SELinux" section to README.
(cherry picked from commit 5f144bc74edbcd80a53a2fe84aa464f7ea9f44ef)
---
README.md | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 0eafde8..db29dc5 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,7 @@
* [Standalone configuration](#standalone-configuration)
* [Client configuration](#client-configuration)
* [Server configuration](#server-configuration)
+ * [Port and SELinux](#port-and-selinux)
* [Providers](#providers)
* [Tests](#tests)
* [Implementation Details](#implementation-details)
@@ -111,10 +112,10 @@ This is a schematic logging configuration to show log messages from input_nameA
- `ovirt` type - `ovirt` input supports oVirt specific inputs.<br>
For the details, visit [oVirt Support](../../design_docs/rsyslog_ovirt_support.md).
-- `remote` type - `remote` input supports receiving logs from the remote logging system over the network. This input type makes rsyslog a server.<br>
+- `remote` type - `remote` input supports receiving logs from the remote logging system over the network.<br>
**available options**
- - `udp_ports`: List of UDP port numbers to listen. If set, the `remote` input listens on the UDP ports. No defaults. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped.
- - `tcp_ports`: List of TCP port numbers to listen. If set, the `remote` input listens on the TCP ports. Default to `[514]`. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. If both `udp_ports` and `tcp_ports` are not set in a `remote` input item, `tcp_ports: [514]` is added to the item.
+ - `udp_ports`: List of UDP port numbers to listen. If set, the `remote` input listens on the UDP ports. No defaults. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. See also [Port and SELinux](#port-and-selinux).
+ - `tcp_ports`: List of TCP port numbers to listen. If set, the `remote` input listens on the TCP ports. Default to `[514]`. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. If both `udp_ports` and `tcp_ports` are not set in a `remote` input item, `tcp_ports: [514]` is added to the item. See also [Port and SELinux](#port-and-selinux).
- `tls`: Set to `true` to encrypt the connection using the default TLS implementation used by the provider. Default to `false`.
- `pki_authmode`: Specifying the default network driver authentication mode. `x509/name`, `x509/fingerprint`, `anon` is accepted. Default to `x509/name`.
- `permitted_clients`: List of hostnames, IP addresses, fingerprints(sha1), and wildcard DNS domains which will be allowed by the `logging` server to connect and send logs over TLS. Default to `['*.{{ logging_domain }}']`
@@ -591,6 +592,15 @@ The following playbook generates the same logging configuration files.
outputs: [remote_files_output0, remote_files_output1]
```
+### Port and SELinux
+
+SELinux is only configured to allow sending and receiving on the following ports by default:
+```
+syslogd_port_t tcp 514, 20514
+syslogd_port_t udp 514, 20514
+```
+If other ports need to be configured, you can use [linux-system-roles/selinux](https://github.com/linux-system-roles/selinux) to manage SELinux contexts.
+
## Providers
[Rsyslog](roles/rsyslog) - This documentation contains rsyslog specific information.
--
2.26.2

31
SOURCES/logging-0004-yamllint-errors.diff
View File

@ -1,31 +0,0 @@
From 6ef1f1020abb074525724e9060ddada526ad0102 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 29 Sep 2020 15:50:03 -0700
Subject: [PATCH 4/7] Fixing yamllint errors.
(cherry picked from commit b131f9e26b3fd74d759b237d7b3b26b6732371d2)
---
tests/tests_files_elasticsearch_use_local_cert.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/tests_files_elasticsearch_use_local_cert.yml b/tests/tests_files_elasticsearch_use_local_cert.yml
index 8b1eaa4..90b12af 100644
--- a/tests/tests_files_elasticsearch_use_local_cert.yml
+++ b/tests/tests_files_elasticsearch_use_local_cert.yml
@@ -67,7 +67,7 @@
server_port: 9200
index_prefix: project.
input_type: ovirt
- retryfailures: on
+ retryfailures: true
ca_cert_src: "{{ __test_ca_cert }}"
cert_src: "{{ __test_cert }}"
private_key_src: "{{ __test_key }}"
@@ -128,4 +128,3 @@
- name: Check retryruleset in {{ __test_outputfiles_conf }}
command: /bin/grep 'retryruleset="{{ __test_el }}"' {{ __test_outputfiles_conf }}
changed_when: false
-
--
2.26.2

324
SOURCES/logging-0005-property-based-filters.diff
View File

@ -1,324 +0,0 @@
From b72e8a48be07a1cebce8b2237d7344220678c2ec Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri, 16 Oct 2020 08:15:11 -0700
Subject: [PATCH 5/7] Logging - support property-based filters in the files and
forwards outputs
Adding property-based filter options to files, forwards and remote_files output.
A test case is added to tests_basics_files2.yml.
In addition, fixing a bug caused by a left over file from the previous tests.
Issue - https://github.com/linux-system-roles/logging/issues/179
(cherry picked from commit 6ac8f9ff680a4b0230446062f5927f5921829f80)
---
README.md | 68 ++++++++++++-------
roles/rsyslog/templates/output_files.j2 | 4 +-
roles/rsyslog/templates/output_forwards.j2 | 4 +-
.../rsyslog/templates/output_remote_files.j2 | 4 +-
tests/tests_basics_files2.yml | 40 +++++++++--
tests/tests_basics_forwards_cert.yml | 8 +++
tests/tests_basics_forwards_cert_missing.yml | 4 ++
tests/tests_server_conflict.yml | 8 +++
8 files changed, 108 insertions(+), 32 deletions(-)
diff --git a/README.md b/README.md
index db29dc5..4352ee7 100644
--- a/README.md
+++ b/README.md
@@ -180,11 +180,16 @@ This is a schematic logging configuration to show log messages from input_nameA
- `files` type - `files` output supports storing logs in the local files usually in /var/log.<br>
**available options**
- - `facility`: Facility; default to `*`.
- - `severity`: Severity; default to `*`.
- - `exclude`: Exclude list; default to none.
+ - `facility`: Facility in selector; default to `*`.
+ - `severity`: Severity in selector; default to `*`.
+ - `exclude`: Exclude list used in selector; default to none.
+ - `property`: Property in property-based filter; no default
+ - `prop_op`: Operation in property-based filter; In case of not `!`, put the `prop_op` value in quotes; default to `contains`
+ - `prop_value`: Value in property-based filter; default to `error`
- `path`: Path to the output file.
+ Selector options and property-based filter options are exclusive. If Property-based filter options are defined, selector options will be ignored.
+
Unless the above options are given, these local file outputs are configured.
```
kern.* /dev/console
@@ -199,8 +204,12 @@ This is a schematic logging configuration to show log messages from input_nameA
- `forwards` type - `forwards` output sends logs to the remote logging system over the network. This is for the client rsyslog.<br>
**available options**
- - `facility`: Facility; default to `*`.
- - `severity`: Severity; default to `*`.
+ - `facility`: Facility in selector; default to `*`.
+ - `severity`: Severity in selector; default to `*`.
+ - `exclude`: Exclude list used in selector; default to none.
+ - `property`: Property in property-based filter; no default
+ - `prop_op`: Operation in property-based filter; In case of not `!`, put the `prop_op` value in quotes; default to `contains`
+ - `prop_value`: Value in property-based filter; default to `error`
- `target`: Target host (fqdn). **Required**.
- `udp_port`: UDP port number. Default to `514`.
- `tcp_port`: TCP port number. Default to `514`.
@@ -208,11 +217,16 @@ This is a schematic logging configuration to show log messages from input_nameA
- `pki_authmode`: Specifying the default network driver authentication mode. `x509/name`, `x509/fingerprint`, `anon` is accepted. Default to `x509/name`.
- `permitted_server`: Hostname, IP address, fingerprint(sha1) or wildcard DNS domain of the server which this client will be allowed to connect and send logs over TLS. Default to `*.{{ logging_domain }}`
+ Selector options and property-based filter options are exclusive. If Property-based filter options are defined, selector options will be ignored.
+
- `remote_files` type - `remote_files` output stores logs to the local files per remote host and program name originated the logs.<br>
**available options**
- - `facility`: Facility; default to `*`.
- - `severity`: Severity; default to `*`.
- - `exclude`: Exclude list; default to none.
+ - `facility`: Facility in selector; default to `*`.
+ - `severity`: Severity in selector; default to `*`.
+ - `exclude`: Exclude list used in selector; default to none.
+ - `property`: Property in property-based filter; no default
+ - `prop_op`: Operation in property-based filter; In case of not `!`, put the `prop_op` value in quotes; default to `contains`
+ - `prop_value`: Value in property-based filter; default to `error`
- `async_writing`: If set to `true`, the files are written asynchronously. Allowed value is `true` or `false`. Default to `false`.
- `client_count`: Count of client logging system supported this rsyslog server. Default to `10`.
- `io_buffer_size`: Buffer size used to write output data. Default to `65536` bytes.
@@ -221,6 +235,8 @@ This is a schematic logging configuration to show log messages from input_nameA
`/path/to/output/dir/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log`
- `remote_sub_path`: Relative path to logging_system_log_dir to store the filtered logs.
+ Selector options and property-based filter options are exclusive. If Property-based filter options are defined, selector options will be ignored.
+
if both `remote_log_path` and `remote_sub_path` are _not_ specified, the remote_file output configured with the following settings.
```
template(
@@ -446,32 +462,38 @@ The following playbook generates the same logging configuration files.
outputs: [files_output0, files_output1]
```
-5. Deploying `files input` reading logs from a local file and `elasticsearch output` to store the logs. Assuming the ca_cert, cert and key to connect to Elasticsearch are prepared.
+5. Deploying `files input` reading logs from local files and `files output` to write to the local files based on the property-based filters.
```yaml
---
-- name: Deploying basic input and elasticsearch output
+- name: Deploying files input and configured files output
hosts: all
roles:
- linux-system-roles.logging
vars:
logging_inputs:
- - name: files_input
+ - name: files_input0
type: files
- input_log_path: /var/log/containers/*.log
+ input_log_path: /var/log/containerA/*.log
+ - name: files_input1
+ type: files
+ input_log_path: /var/log/containerB/*.log
logging_outputs:
- - name: elasticsearch_output
- type: elasticsearch
- server_host: your_target_host
- server_port: 9200
- index_prefix: project.
- input_type: ovirt
- ca_cert_src: /local/path/to/ca_cert
- cert_src: /local/path/to/cert
- private_key_src: /local/path/to/key
+ - name: files_output0
+ type: files
+ property: msg
+ prop_op: contains
+ prop_value: error
+ path: /var/log/errors.log
+ - name: files_output1
+ type: files
+ property: msg
+ prop_op: "!contains"
+ prop_value: error
+ path: /var/log/others.log
logging_flows:
- name: flow0
- inputs: [files_input]
- outputs: [elasticsearch_output]
+ inputs: [files_input0, files_input1]
+ outputs: [files_output0, files_output1]
```
### Client configuration
diff --git a/roles/rsyslog/templates/output_files.j2 b/roles/rsyslog/templates/output_files.j2
index d994414..e15e4cd 100644
--- a/roles/rsyslog/templates/output_files.j2
+++ b/roles/rsyslog/templates/output_files.j2
@@ -1,6 +1,8 @@
{% if item.path is defined %}
ruleset(name="{{ item.name }}") {
-{% if item.exclude | d([]) %}
+{% if item.property | d() %}
+ :{{ item.property }}, {{ item.prop_op | d('contains') }}, "{{ item.prop_value | d('error') }}" {{ item.path }}
+{% elif item.exclude | d([]) %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }};{{ item.exclude | join(';') }} {{ item.path }}
{% else %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }} {{ item.path }}
diff --git a/roles/rsyslog/templates/output_forwards.j2 b/roles/rsyslog/templates/output_forwards.j2
index 61254ee..35030b4 100644
--- a/roles/rsyslog/templates/output_forwards.j2
+++ b/roles/rsyslog/templates/output_forwards.j2
@@ -9,7 +9,9 @@
{% set __forwards_protocol = '' %}
{% endif %}
ruleset(name="{{ item.name }}") {
-{% if item.exclude | d([]) %}
+{% if item.property | d() %}
+ :{{ item.property }}, {{ item.prop_op | d('contains') }}, "{{ item.prop_value | d('error') }}" action(name="{{ item.name }}"
+{% elif item.exclude | d([]) %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }};{{ item.exclude | join(';') }} action(name="{{ item.name }}"
{% else %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }} action(name="{{ item.name }}"
diff --git a/roles/rsyslog/templates/output_remote_files.j2 b/roles/rsyslog/templates/output_remote_files.j2
index 3c9339f..aaf547e 100644
--- a/roles/rsyslog/templates/output_remote_files.j2
+++ b/roles/rsyslog/templates/output_remote_files.j2
@@ -17,7 +17,9 @@ ruleset(name="{{ item.name }}"
queue.size="{{ logging_server_queue_size }}"
queue.workerThreads="{{ logging_server_threads }}") {
# Store remote logs in separate logfiles
-{% if item.exclude | d([]) %}
+{% if item.property | d() %}
+ :{{ item.property }}, {{ item.prop_op | d('contains') }}, "{{ item.prop_value | d('error') }}" action(name="{{ item.name }}" type="omfile" DynaFile="{{ item.name }}_template" DynaFileCacheSize="{{ item.client_count | d(10) }}" ioBufferSize="{{ item.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if item.async_writing | d(false) | bool else 'off' }}")
+{% elif item.exclude | d([]) %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }};{{ item.exclude | join(';') }} action(name="{{ item.name }}" type="omfile" DynaFile="{{ item.name }}_template" DynaFileCacheSize="{{ item.client_count | d(10) }}" ioBufferSize="{{ item.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if item.async_writing | d(false) | bool else 'off' }}")
{% else %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }} action(name="{{ item.name }}" type="omfile" DynaFile="{{ item.name }}_template" DynaFileCacheSize="{{ item.client_count | d(10) }}" ioBufferSize="{{ item.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if item.async_writing | d(false) | bool else 'off' }}")
diff --git a/tests/tests_basics_files2.yml b/tests/tests_basics_files2.yml
index 094b125..b1a0f62 100644
--- a/tests/tests_basics_files2.yml
+++ b/tests/tests_basics_files2.yml
@@ -10,9 +10,9 @@
# If logging role is executed, the file size is about 100 bytes.
# Thus, assert the size is less than 1000.
# 2. Check file count in /etc/rsyslog.d.
-# If logging role is executed, 8 config files are generated.
+# If logging role is executed, 9 config files are generated.
# By setting logging_purge_confs, pre-existing config files are deleted.
-# Thus, assert the the count is equal to 8.
+# Thus, assert the the count is equal to 9.
# 3. Check systemctl status of rsyslog as well as error or specific message in the output.
# 4. To verify the generated filename is correct, check the config file of files output exists.
# 4.1 Check the config file contains the expected filter and the output file as configured.
@@ -24,6 +24,8 @@
vars:
__test_files_conf: /etc/rsyslog.d/30-output-files-files_output1.conf
__default_system_log: /var/log/messages
+ __prop_based_log0: /var/log/property_based_filter_in.log
+ __prop_based_log1: /var/log/property_based_filter_out.log
tasks:
- name: deploy config to output into local files
@@ -49,15 +51,23 @@
path: :omusrmsg:*
- name: files_output3
type: files
- facility: local7
- path: /var/log/boot.log
+ property: msg
+ prop_op: contains
+ prop_value: property_based_filter_test
+ path: "{{ __prop_based_log0 }}"
+ - name: files_output4
+ type: files
+ property: msg
+ prop_op: "!contains"
+ prop_value: property_based_filter_test
+ path: "{{ __prop_based_log1 }}"
logging_inputs:
- name: basic_input
type: basics
logging_flows:
- name: flow_0
inputs: [basic_input]
- outputs: [files_output0, files_output1, files_output2, files_output3]
+ outputs: [files_output0, files_output1, files_output2, files_output3, files_output4]
include_role:
name: linux-system-roles.logging
@@ -74,7 +84,7 @@
- name: Check file counts in rsyslog.d
assert:
- that: rsyslog_d_file_count.matched == 8
+ that: rsyslog_d_file_count.matched == 9
# Checking 'error' in stdout from systemctl status is for detecting the case in which rsyslog is running,
# but some functionality is disabled due to some error, e.g., error: 'tls.cacert' file couldn't be accessed.
@@ -104,3 +114,21 @@
retries: 5
delay: 1
changed_when: false
+
+ - name: Run logger to generate a test log message containing property_based_filter_test
+ command: /bin/logger -i -p local6.info -t testTag1 property_based_filter_test
+ changed_when: false
+
+ - name: Check the test log message in {{ __prop_based_log0 }}
+ command: /bin/grep property_based_filter_test "{{ __prop_based_log0 }}"
+ register: __result
+ until: __result is success
+ retries: 5
+ delay: 1
+ changed_when: false
+
+ - name: Check the test log message not in {{ __prop_based_log1 }}
+ command: /bin/grep property_based_filter_test "{{ __prop_based_log1 }}"
+ register: __result
+ changed_when: false
+ failed_when: "__result is not failed"
diff --git a/tests/tests_basics_forwards_cert.yml b/tests/tests_basics_forwards_cert.yml
index e27e016..48263ae 100644
--- a/tests/tests_basics_forwards_cert.yml
+++ b/tests/tests_basics_forwards_cert.yml
@@ -139,3 +139,11 @@
- /etc/pki/tls/certs/{{ __test_ca_cert_name }}
- /etc/pki/tls/certs/{{ __test_cert_name }}
- /etc/pki/tls/private/{{ __test_key_name }}
+
+ - name: clean up test files
+ file: path="{{ item }}" state=absent
+ loop:
+ - "{{ __test_ca_cert }}"
+ - "{{ __test_cert }}"
+ - "{{ __test_key }}"
+ delegate_to: localhost
diff --git a/tests/tests_basics_forwards_cert_missing.yml b/tests/tests_basics_forwards_cert_missing.yml
index 3e82856..0ad0569 100644
--- a/tests/tests_basics_forwards_cert_missing.yml
+++ b/tests/tests_basics_forwards_cert_missing.yml
@@ -63,6 +63,10 @@
assert:
that: "'{{ ansible_failed_result.results.0.msg }}' is match('{{ __expected_error }}')"
+ - name: clean up test files
+ file: path="{{ __test_key }}" state=absent
+ delegate_to: localhost
+
- name: default run for cleanup
vars:
logging_inputs:
diff --git a/tests/tests_server_conflict.yml b/tests/tests_server_conflict.yml
index 36eeeb7..8c182f6 100644
--- a/tests/tests_server_conflict.yml
+++ b/tests/tests_server_conflict.yml
@@ -76,3 +76,11 @@
- assert:
that: item.msg is not defined or item.msg is defined and item.msg == __expected_error
loop: "{{ ansible_failed_result.results }}"
+
+ - name: clean up test files
+ file: path="{{ item }}" state=absent
+ loop:
+ - "{{ __test_ca_cert }}"
+ - "{{ __test_cert }}"
+ - "{{ __test_key }}"
+ delegate_to: localhost
--
2.26.2

136
SOURCES/logging-0006-property_op.diff
View File

@ -1,136 +0,0 @@
From ca2baffbfc14fba077c7c70d849c02b9c69c9e1f Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri, 16 Oct 2020 11:08:00 -0700
Subject: [PATCH 6/7] Replacing prop_op with property_op and prop_value with
property_value.
(cherry picked from commit 1c951e6acef886548029151dbca9d002f20ef425)
---
README.md | 20 +++++++++----------
roles/rsyslog/templates/output_files.j2 | 2 +-
roles/rsyslog/templates/output_forwards.j2 | 2 +-
.../rsyslog/templates/output_remote_files.j2 | 2 +-
tests/tests_basics_files2.yml | 8 ++++----
5 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 4352ee7..d94ec04 100644
--- a/README.md
+++ b/README.md
@@ -184,8 +184,8 @@ This is a schematic logging configuration to show log messages from input_nameA
- `severity`: Severity in selector; default to `*`.
- `exclude`: Exclude list used in selector; default to none.
- `property`: Property in property-based filter; no default
- - `prop_op`: Operation in property-based filter; In case of not `!`, put the `prop_op` value in quotes; default to `contains`
- - `prop_value`: Value in property-based filter; default to `error`
+ - `property_op`: Operation in property-based filter; In case of not `!`, put the `property_op` value in quotes; default to `contains`
+ - `property_value`: Value in property-based filter; default to `error`
- `path`: Path to the output file.
Selector options and property-based filter options are exclusive. If Property-based filter options are defined, selector options will be ignored.
@@ -208,8 +208,8 @@ This is a schematic logging configuration to show log messages from input_nameA
- `severity`: Severity in selector; default to `*`.
- `exclude`: Exclude list used in selector; default to none.
- `property`: Property in property-based filter; no default
- - `prop_op`: Operation in property-based filter; In case of not `!`, put the `prop_op` value in quotes; default to `contains`
- - `prop_value`: Value in property-based filter; default to `error`
+ - `property_op`: Operation in property-based filter; In case of not `!`, put the `property_op` value in quotes; default to `contains`
+ - `property_value`: Value in property-based filter; default to `error`
- `target`: Target host (fqdn). **Required**.
- `udp_port`: UDP port number. Default to `514`.
- `tcp_port`: TCP port number. Default to `514`.
@@ -225,8 +225,8 @@ This is a schematic logging configuration to show log messages from input_nameA
- `severity`: Severity in selector; default to `*`.
- `exclude`: Exclude list used in selector; default to none.
- `property`: Property in property-based filter; no default
- - `prop_op`: Operation in property-based filter; In case of not `!`, put the `prop_op` value in quotes; default to `contains`
- - `prop_value`: Value in property-based filter; default to `error`
+ - `property_op`: Operation in property-based filter; In case of not `!`, put the `property_op` value in quotes; default to `contains`
+ - `property_value`: Value in property-based filter; default to `error`
- `async_writing`: If set to `true`, the files are written asynchronously. Allowed value is `true` or `false`. Default to `false`.
- `client_count`: Count of client logging system supported this rsyslog server. Default to `10`.
- `io_buffer_size`: Buffer size used to write output data. Default to `65536` bytes.
@@ -481,14 +481,14 @@ The following playbook generates the same logging configuration files.
- name: files_output0
type: files
property: msg
- prop_op: contains
- prop_value: error
+ property_op: contains
+ property_value: error
path: /var/log/errors.log
- name: files_output1
type: files
property: msg
- prop_op: "!contains"
- prop_value: error
+ property_op: "!contains"
+ property_value: error
path: /var/log/others.log
logging_flows:
- name: flow0
diff --git a/roles/rsyslog/templates/output_files.j2 b/roles/rsyslog/templates/output_files.j2
index e15e4cd..40f5b90 100644
--- a/roles/rsyslog/templates/output_files.j2
+++ b/roles/rsyslog/templates/output_files.j2
@@ -1,7 +1,7 @@
{% if item.path is defined %}
ruleset(name="{{ item.name }}") {
{% if item.property | d() %}
- :{{ item.property }}, {{ item.prop_op | d('contains') }}, "{{ item.prop_value | d('error') }}" {{ item.path }}
+ :{{ item.property }}, {{ item.property_op | d('contains') }}, "{{ item.property_value | d('error') }}" {{ item.path }}
{% elif item.exclude | d([]) %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }};{{ item.exclude | join(';') }} {{ item.path }}
{% else %}
diff --git a/roles/rsyslog/templates/output_forwards.j2 b/roles/rsyslog/templates/output_forwards.j2
index 35030b4..87d7a09 100644
--- a/roles/rsyslog/templates/output_forwards.j2
+++ b/roles/rsyslog/templates/output_forwards.j2
@@ -10,7 +10,7 @@
{% endif %}
ruleset(name="{{ item.name }}") {
{% if item.property | d() %}
- :{{ item.property }}, {{ item.prop_op | d('contains') }}, "{{ item.prop_value | d('error') }}" action(name="{{ item.name }}"
+ :{{ item.property }}, {{ item.property_op | d('contains') }}, "{{ item.property_value | d('error') }}" action(name="{{ item.name }}"
{% elif item.exclude | d([]) %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }};{{ item.exclude | join(';') }} action(name="{{ item.name }}"
{% else %}
diff --git a/roles/rsyslog/templates/output_remote_files.j2 b/roles/rsyslog/templates/output_remote_files.j2
index aaf547e..84317f2 100644
--- a/roles/rsyslog/templates/output_remote_files.j2
+++ b/roles/rsyslog/templates/output_remote_files.j2
@@ -18,7 +18,7 @@ ruleset(name="{{ item.name }}"
queue.workerThreads="{{ logging_server_threads }}") {
# Store remote logs in separate logfiles
{% if item.property | d() %}
- :{{ item.property }}, {{ item.prop_op | d('contains') }}, "{{ item.prop_value | d('error') }}" action(name="{{ item.name }}" type="omfile" DynaFile="{{ item.name }}_template" DynaFileCacheSize="{{ item.client_count | d(10) }}" ioBufferSize="{{ item.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if item.async_writing | d(false) | bool else 'off' }}")
+ :{{ item.property }}, {{ item.property_op | d('contains') }}, "{{ item.property_value | d('error') }}" action(name="{{ item.name }}" type="omfile" DynaFile="{{ item.name }}_template" DynaFileCacheSize="{{ item.client_count | d(10) }}" ioBufferSize="{{ item.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if item.async_writing | d(false) | bool else 'off' }}")
{% elif item.exclude | d([]) %}
{{ item.facility | d('*') }}.{{ item.severity | d('*') }};{{ item.exclude | join(';') }} action(name="{{ item.name }}" type="omfile" DynaFile="{{ item.name }}_template" DynaFileCacheSize="{{ item.client_count | d(10) }}" ioBufferSize="{{ item.io_buffer_size | d('65536') }}" asyncWriting="{{ 'on' if item.async_writing | d(false) | bool else 'off' }}")
{% else %}
diff --git a/tests/tests_basics_files2.yml b/tests/tests_basics_files2.yml
index b1a0f62..9f69ed5 100644
--- a/tests/tests_basics_files2.yml
+++ b/tests/tests_basics_files2.yml
@@ -52,14 +52,14 @@
- name: files_output3
type: files
property: msg
- prop_op: contains
- prop_value: property_based_filter_test
+ property_op: contains
+ property_value: property_based_filter_test
path: "{{ __prop_based_log0 }}"
- name: files_output4
type: files
property: msg
- prop_op: "!contains"
- prop_value: property_based_filter_test
+ property_op: "!contains"
+ property_value: property_based_filter_test
path: "{{ __prop_based_log1 }}"
logging_inputs:
- name: basic_input
--
2.26.2

114
SOURCES/logging-0007-RHELPLAN-56807.diff
View File

@ -1,114 +0,0 @@
From 3967a2b0e7e61dfb6317296a4cf15d0fe91a1638 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Thu, 15 Oct 2020 10:52:29 -0700
Subject: [PATCH 7/7] RHELPLAN-56807 - Logging - elasticsearch - need to adjust
jinja2 boolean values to the rsyslog config values
Resetting the values of the following params as rsyslog expects.
dynSearchIndex, bulkmode, dynbulkid, allowUnsignedCerts, usehttps
Adding test cases to tests_ovirt_elasticsearch_params.yml
(cherry picked from commit c98aabd864f6d07c11d6db991bf0af0aaee7f123)
---
.../rsyslog/templates/output_elasticsearch.j2 | 13 ++++-----
tests/tests_ovirt_elasticsearch_params.yml | 29 +++++++++++++++++--
2 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/roles/rsyslog/templates/output_elasticsearch.j2 b/roles/rsyslog/templates/output_elasticsearch.j2
index c4db10f..6c6255b 100644
--- a/roles/rsyslog/templates/output_elasticsearch.j2
+++ b/roles/rsyslog/templates/output_elasticsearch.j2
@@ -37,25 +37,24 @@ ruleset(name="{{ item.name }}") {
serverport="{{ item.server_port | d(9200) | int }}"
template="{{ item.template | d("es_template") }}"
searchIndex="{{ item.searchIndex | d("index_template") }}"
- dynSearchIndex="{{ item.dynSearchIndex | d("on") }}"
+ dynSearchIndex="{{ item.dynSearchIndex | d(true) | ternary('on', 'off') }}"
searchType="{{ item.searchType | d("com.redhat.viaq.common") }}"
- bulkmode="{{ item.bulkmode | d("on") }}"
+ bulkmode="{{ item.bulkmode | d(true) | ternary('on', 'off') }}"
writeoperation="{{ item.writeoperation | d("create") }}"
bulkid="{{ item.bulkid | d("id_template") }}"
- dynbulkid="{{ item.dynbulkid | d('on') }}"
- allowUnsignedCerts="{{ item.allowUnsignedCerts | d("off") }}"
+ dynbulkid="{{ item.dynbulkid | d(true) | ternary('on', 'off') }}"
+ allowUnsignedCerts="{{ item.allowUnsignedCerts | d(false) | ternary('on', 'off') }}"
{% if item.retryfailures | d(true) %}
-{% if item.retryruleset | d() | length > 0 %}
retryfailures="on"
+{% if item.retryruleset | d() | length > 0 %}
retryruleset="{{ item.retryruleset }}"
{% else %}
- retryfailures="on"
retryruleset="{{ item.name }}"
{% endif %}
{% else %}
retryfailures="off"
{% endif %}
- usehttps="{{ item.usehttps | default("on") }}"
+ usehttps="{{ item.usehttps | d(true) | ternary('on', 'off') }}"
{% if item.use_cert | default(true) %}
tls.cacert="{{ item.ca_cert | default('/etc/rsyslog.d/es-ca.crt') }}"
tls.mycert="{{ item.cert | default('/etc/rsyslog.d/es-cert.pem') }}"
diff --git a/tests/tests_ovirt_elasticsearch_params.yml b/tests/tests_ovirt_elasticsearch_params.yml
index 34d9e1d..4fefe59 100644
--- a/tests/tests_ovirt_elasticsearch_params.yml
+++ b/tests/tests_ovirt_elasticsearch_params.yml
@@ -34,6 +34,8 @@
__test_ovirt_engine_conf: /etc/rsyslog.d/90-input-ovirt-ovirt_engine_input.conf
__test_ovirt_vdsm_conf: /etc/rsyslog.d/90-input-ovirt-ovirt_vdsm_input.conf
__test_ovirt_bogus_conf: /etc/rsyslog.d/90-input-ovirt-ovirt_bogus_input.conf
+ __test_es_conf: /etc/rsyslog.d/31-output-elasticsearch-elasticsearch_output.conf
+ __test_es_ops_conf: /etc/rsyslog.d/31-output-elasticsearch-elasticsearch_output_ops.conf
__test_collectd_name: ovirt_collectd_input
__test_engine_name: ovirt_engine_input
__test_vdsm_name: ovirt_vdsm_input
@@ -56,7 +58,6 @@
server_port: 9200
index_prefix: project.
input_type: ovirt
- retryfailures: false
ca_cert: "/etc/rsyslog.d/es-ca.crt"
cert: "/etc/rsyslog.d/es-cert.pem"
private_key: "/etc/rsyslog.d/es-key.pem"
@@ -70,6 +71,11 @@
ca_cert: "/etc/rsyslog.d/es-ca.crt"
cert: "/etc/rsyslog.d/es-cert.pem"
private_key: "/etc/rsyslog.d/es-key.pem"
+ dynSearchIndex: false
+ bulkmode: false
+ dynbulkid: false
+ allowUnsignedCerts: true
+ usehttps: false
logging_inputs:
- name: basic_input
type: basics
@@ -164,4 +170,23 @@
- name: Check index_prefix is "{{ __test_logs_index }}" in "{{ __test_ovirt_vdsm_conf }}"
command: /bin/grep 'set $.index_prefix = "{{ __test_logs_index }}"' {{ __test_ovirt_vdsm_conf }}
- changed_when: false
+
+ - name: Check default config params in "{{ __test_es_conf }}"
+ command: /bin/grep {{ item }} {{ __test_es_conf }}
+ loop:
+ - "dynSearchIndex=.on."
+ - "bulkmode=.on."
+ - "dynbulkid=.on."
+ - "allowUnsignedCerts=.off."
+ - "usehttps=.on."
+ - "retryfailures=.on."
+
+ - name: Check modified config params in "{{ __test_es_ops_conf }}"
+ command: /bin/grep {{ item }} {{ __test_es_ops_conf }}
+ loop:
+ - "dynSearchIndex=.off."
+ - "bulkmode=.off."
+ - "dynbulkid=.off."
+ - "allowUnsignedCerts=.on."
+ - "usehttps=.off."
+ - "retryfailures=.off."
--
2.26.2

10
SOURCES/md2html.sh
View File

@ -1,10 +0,0 @@
#!/bin/bash
set -euxo pipefail
for file in "$@"; do
pandoc -f markdown_github "${file}" -t asciidoc -o "${file%.md}.tmp.adoc"
touch -r "${file}" "${file%.md}.tmp.adoc"
TZ=UTC asciidoc -o "${file%.md}.html" -a footer-style=none -a toc2 -a source-highlighter=highlight "${file%.md}.tmp.adoc"
rm "${file%.md}.tmp.adoc"
done

24
SOURCES/metrics-mssql-x86.diff Normal file
View File

@ -0,0 +1,24 @@
From 7ff86f2fa05998afcd8ae87d9cdd660ef5b6ee2c Mon Sep 17 00:00:00 2001
From: Jan Kurik <jkurik@redhat.com>
Date: Thu, 18 Feb 2021 17:09:48 +1100
Subject: [PATCH] Update mssql test to exclude non-x86_64 architectures
pcp-pmda-mssql (and SQL Server itself) are x86_64-only.
---
tests/tests_sanity_mssql.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/tests_sanity_mssql.yml b/tests/tests_sanity_mssql.yml
index 6f1e2cc..8602c36 100644
--- a/tests/tests_sanity_mssql.yml
+++ b/tests/tests_sanity_mssql.yml
@@ -12,7 +12,8 @@
- meta: end_host
when: (ansible_distribution in ['RedHat'] and
( ansible_facts['distribution_version'] is version('8.4', '<'))) or
- ansible_distribution not in ['Fedora', 'RedHat']
+ ansible_distribution not in ['Fedora', 'RedHat'] or
+ ansible_architecture not in ['x86_64']
- name: Save state of services
import_tasks: get_services_state.yml

835
SOURCES/network-ansible-test.diff Normal file
View File

@ -0,0 +1,835 @@
From 7ae16e9ff5291f06ba0d7224a0d6c36b780ea0a2 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Wed, 3 Mar 2021 11:37:56 -0700
Subject: [PATCH] fix most ansible-test issues, suppress the rest
Automation Hub, and possibly Galaxy in the future, require the
collection to be screened with `ansible-test sanity` among other
checks. The role had a number of issues:
* Use `AssertionError` instead of `assert`
* Use of `logging` module not in accordance with standards, but these
are ok and the errors were suppressed
* Several import errors which are ok because they are checked
elsewhere
* Many of the module files use `#!` shebang - not sure why, but
the usage is allowed
* __init__.py in the module_utils directories must be empty, so a
new file myerror.py was added to move the code from __init__.py
* The documentation block in the module was not properly constructed
or formatted.
* shellcheck issues, including removing unused files
* use `dummy` instead of `_` (underscore) for variables that are
unused
add WARNING to module docs - collection users should not use directly
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
(cherry picked from commit 7459a29e9104bf01987399153baf0a1c1df05929)
---
.github/workflows/tox.yml | 4 +-
.sanity-ansible-ignore-2.9.txt | 47 ++++++++++
README.md | 2 +-
library/network_connections.py | 88 ++++++++++++-------
module_utils/network_lsr/__init__.py | 7 --
.../network_lsr/argument_validator.py | 9 +-
module_utils/network_lsr/ethtool.py | 6 +-
module_utils/network_lsr/myerror.py | 11 +++
module_utils/network_lsr/nm/__init__.py | 4 +
.../network_lsr/nm/active_connection.py | 35 ++++----
module_utils/network_lsr/nm/client.py | 4 +
module_utils/network_lsr/nm/connection.py | 18 ++--
module_utils/network_lsr/nm/error.py | 4 +
module_utils/network_lsr/nm/provider.py | 8 +-
module_utils/network_lsr/nm_provider.py | 4 +
module_utils/network_lsr/utils.py | 10 ++-
tests/ensure_provider_tests.py | 8 +-
tests/get_coverage.sh | 6 +-
tests/get_total_coverage.sh | 2 +-
tests/integration/test_ethernet.py | 4 +-
tests/merge_coverage.sh | 3 +
tests/setup_module_utils.sh | 41 ---------
tox.ini | 3 -
23 files changed, 199 insertions(+), 129 deletions(-)
create mode 100644 .sanity-ansible-ignore-2.9.txt
create mode 100644 module_utils/network_lsr/myerror.py
delete mode 100755 tests/setup_module_utils.sh
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
index 207bcba..ba0f4c6 100644
--- a/.github/workflows/tox.yml
+++ b/.github/workflows/tox.yml
@@ -3,7 +3,7 @@ name: tox
on: # yamllint disable-line rule:truthy
- pull_request
env:
- TOX_LSR: "git+https://github.com/linux-system-roles/tox-lsr@2.2.0"
+ TOX_LSR: "git+https://github.com/linux-system-roles/tox-lsr@2.3.0"
LSR_ANSIBLES: 'ansible==2.8.* ansible==2.9.*'
LSR_MSCENARIOS: default
# LSR_EXTRA_PACKAGES: "libdbus-1-dev libgirepository1.0-dev python3-dev"
@@ -36,7 +36,7 @@ jobs:
toxenvs="py${toxpyver}"
case "$toxpyver" in
27) toxenvs="${toxenvs},coveralls,flake8,pylint" ;;
- 36) toxenvs="${toxenvs},coveralls,black,yamllint,ansible-lint,collection" ;;
+ 36) toxenvs="${toxenvs},coveralls,black,yamllint,ansible-lint,collection,ansible-test" ;;
37) toxenvs="${toxenvs},coveralls" ;;
38) toxenvs="${toxenvs},coveralls" ;;
esac
diff --git a/.sanity-ansible-ignore-2.9.txt b/.sanity-ansible-ignore-2.9.txt
new file mode 100644
index 0000000..439197e
--- /dev/null
+++ b/.sanity-ansible-ignore-2.9.txt
@@ -0,0 +1,47 @@
+tests/network/ensure_provider_tests.py compile-2.7!skip
+tests/network/ensure_provider_tests.py compile-3.5!skip
+plugins/module_utils/network_lsr/nm/__init__.py empty-init!skip
+plugins/module_utils/network_lsr/nm/active_connection.py import-2.7!skip
+plugins/module_utils/network_lsr/nm/client.py import-2.7!skip
+plugins/module_utils/network_lsr/nm/connection.py import-2.7!skip
+plugins/module_utils/network_lsr/nm/provider.py import-2.7!skip
+plugins/module_utils/network_lsr/nm/active_connection.py import-3.5!skip
+plugins/module_utils/network_lsr/nm/client.py import-3.5!skip
+plugins/module_utils/network_lsr/nm/connection.py import-3.5!skip
+plugins/module_utils/network_lsr/nm/provider.py import-3.5!skip
+plugins/module_utils/network_lsr/nm/active_connection.py import-3.6!skip
+plugins/module_utils/network_lsr/nm/client.py import-3.6!skip
+plugins/module_utils/network_lsr/nm/connection.py import-3.6!skip
+plugins/module_utils/network_lsr/nm/provider.py import-3.6!skip
+plugins/module_utils/network_lsr/nm/active_connection.py import-3.7!skip
+plugins/module_utils/network_lsr/nm/client.py import-3.7!skip
+plugins/module_utils/network_lsr/nm/connection.py import-3.7!skip
+plugins/module_utils/network_lsr/nm/provider.py import-3.7!skip
+plugins/module_utils/network_lsr/nm/active_connection.py import-3.8!skip
+plugins/module_utils/network_lsr/nm/client.py import-3.8!skip
+plugins/module_utils/network_lsr/nm/connection.py import-3.8!skip
+plugins/module_utils/network_lsr/nm/provider.py import-3.8!skip
+plugins/module_utils/network_lsr/__init__.py shebang!skip
+plugins/module_utils/network_lsr/argument_validator.py shebang!skip
+plugins/module_utils/network_lsr/utils.py shebang!skip
+plugins/module_utils/network_lsr/myerror.py shebang!skip
+tests/network/covstats shebang!skip
+tests/network/ensure_provider_tests.py shebang!skip
+tests/network/get_coverage.sh shebang!skip
+tests/network/get_total_coverage.sh shebang!skip
+tests/network/merge_coverage.sh shebang!skip
+tests/network/ensure_provider_tests.py future-import-boilerplate!skip
+tests/network/integration/conftest.py future-import-boilerplate!skip
+tests/network/integration/test_ethernet.py future-import-boilerplate!skip
+tests/network/unit/test_network_connections.py future-import-boilerplate!skip
+tests/network/unit/test_nm_provider.py future-import-boilerplate!skip
+tests/network/ensure_provider_tests.py metaclass-boilerplate!skip
+tests/network/integration/conftest.py metaclass-boilerplate!skip
+tests/network/integration/test_ethernet.py metaclass-boilerplate!skip
+tests/network/unit/test_network_connections.py metaclass-boilerplate!skip
+tests/network/unit/test_nm_provider.py metaclass-boilerplate!skip
+plugins/modules/network_connections.py validate-modules:missing-examples
+plugins/modules/network_connections.py validate-modules:missing-gplv3-license
+plugins/modules/network_connections.py validate-modules:no-default-for-required-parameter
+plugins/modules/network_connections.py validate-modules:parameter-type-not-in-doc
+plugins/modules/network_connections.py validate-modules:undocumented-parameter
diff --git a/README.md b/README.md
index c1462b6..c257c08 100644
--- a/README.md
+++ b/README.md
@@ -145,7 +145,7 @@ a consequence, `state: up` always changes the system.
You can deactivate a connection profile, even if is currently not active. As a consequence, `state: down` always changes the system.
-Note that if the `state` option is unset, the connection profiles runtime state will not be changed.
+Note that if the `state` option is unset, the connection profile's runtime state will not be changed.
### `persistent_state`
diff --git a/library/network_connections.py b/library/network_connections.py
index 3224892..3a6e47f 100644
--- a/library/network_connections.py
+++ b/library/network_connections.py
@@ -2,6 +2,30 @@
# -*- coding: utf-8 -*-
# SPDX-License-Identifier: BSD-3-Clause
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+---
+module: network_connections
+author: Thomas Haller (@thom311)
+short_description: module for network role to manage connection profiles
+requirements: [pygobject, dbus, NetworkManager]
+version_added: "2.0"
+description:
+ - "WARNING: Do not use this module directly! It is only for role internal use."
+ - |
+ Manage networking profiles (connections) for NetworkManager and
+ initscripts networking providers. Documentation needs to be written. Note
+ that the network_connections module tightly integrates with the network
+ role and currently it is not expected to use this module outside the role.
+ Thus, consult README.md for examples for the role. The requirements are
+ only for the NetworkManager (nm) provider.
+options: {}
+"""
+
+
import errno
import functools
import os
@@ -16,7 +40,7 @@ import logging
# pylint: disable=import-error, no-name-in-module
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network_lsr import ethtool # noqa:E501
-from ansible.module_utils.network_lsr import MyError # noqa:E501
+from ansible.module_utils.network_lsr.myerror import MyError # noqa:E501
from ansible.module_utils.network_lsr.argument_validator import ( # noqa:E501
ArgUtil,
@@ -30,22 +54,6 @@ from ansible.module_utils.network_lsr import nm_provider # noqa:E501
# pylint: enable=import-error, no-name-in-module
-DOCUMENTATION = """
----
-module: network_connections
-author: "Thomas Haller (thaller@redhat.com)"
-short_description: module for network role to manage connection profiles
-requirements: for 'nm' provider requires pygobject, dbus and NetworkManager.
-version_added: "2.0"
-description: Manage networking profiles (connections) for NetworkManager and
- initscripts networking providers.
-options: Documentation needs to be written. Note that the network_connections
- module tightly integrates with the network role and currently it is not
- expected to use this module outside the role. Thus, consult README.md for
- examples for the role.
-"""
-
-
###############################################################################
PERSISTENT_STATE = "persistent_state"
ABSENT_STATE = "absent"
@@ -772,7 +780,7 @@ class NMUtil:
if compare_flags is None:
compare_flags = NM.SettingCompareFlags.IGNORE_TIMESTAMP
- return not (not (con_a.compare(con_b, compare_flags)))
+ return con_a.compare(con_b, compare_flags)
def connection_is_active(self, con):
NM = Util.NM()
@@ -1390,7 +1398,7 @@ class RunEnvironment(object):
def check_mode_set(self, check_mode, connections=None):
c = self._check_mode
self._check_mode = check_mode
- assert (
+ if not (
(c is None and check_mode in [CheckMode.PREPARE])
or (
c == CheckMode.PREPARE
@@ -1399,7 +1407,8 @@ class RunEnvironment(object):
or (c == CheckMode.PRE_RUN and check_mode in [CheckMode.REAL_RUN])
or (c == CheckMode.REAL_RUN and check_mode in [CheckMode.DONE])
or (c == CheckMode.DRY_RUN and check_mode in [CheckMode.DONE])
- )
+ ):
+ raise AssertionError("check_mode value is incorrect {0}".format(c))
self._check_mode_changed(c, check_mode, connections)
@@ -1461,7 +1470,8 @@ class RunEnvironmentAnsible(RunEnvironment):
warn_traceback=False,
force_fail=False,
):
- assert idx >= -1
+ if not idx >= -1:
+ raise AssertionError("idx {0} is less than -1".format(idx))
self._log_idx += 1
self.run_results[idx]["log"].append((severity, msg, self._log_idx))
if severity == LogLevel.ERROR:
@@ -1598,14 +1608,15 @@ class Cmd(object):
def connections_data(self):
c = self._connections_data
if c is None:
- assert self.check_mode in [
+ if self.check_mode not in [
CheckMode.DRY_RUN,
CheckMode.PRE_RUN,
CheckMode.REAL_RUN,
- ]
- c = []
- for _ in range(0, len(self.connections)):
- c.append({"changed": False})
+ ]:
+ raise AssertionError(
+ "invalid value {0} for self.check_mode".format(self.check_mode)
+ )
+ c = [{"changed": False}] * len(self.connections)
self._connections_data = c
return c
@@ -1614,11 +1625,14 @@ class Cmd(object):
c["changed"] = False
def connections_data_set_changed(self, idx, changed=True):
- assert self._check_mode in [
+ if self._check_mode not in [
CheckMode.PRE_RUN,
CheckMode.DRY_RUN,
CheckMode.REAL_RUN,
- ]
+ ]:
+ raise AssertionError(
+ "invalid value {0} for self._check_mode".format(self._check_mode)
+ )
if not changed:
return
self.connections_data[idx]["changed"] = changed
@@ -1688,7 +1702,10 @@ class Cmd(object):
# modify the connection.
con = self.connections[idx]
- assert con["state"] in ["up", "down"]
+ if con["state"] not in ["up", "down"]:
+ raise AssertionError(
+ "connection state {0} not 'up' or 'down'".format(con["state"])
+ )
# also check, if the current profile is 'up' with a 'type' (which
# possibly modifies the connection as well)
@@ -1736,7 +1753,9 @@ class Cmd(object):
elif self._check_mode != CheckMode.DONE:
c = CheckMode.DONE
else:
- assert False
+ raise AssertionError(
+ "invalid value {0} for self._check_mode".format(self._check_mode)
+ )
self._check_mode = c
self.run_env.check_mode_set(c)
return c
@@ -1902,7 +1921,12 @@ class Cmd_nm(Cmd):
name = connection["name"]
if not name:
- assert connection["persistent_state"] == "absent"
+ if not connection["persistent_state"] == "absent":
+ raise AssertionError(
+ "persistent_state must be 'absent' not {0} when there is no connection 'name'".format(
+ connection["persistent_state"]
+ )
+ )
continue
if name in names:
exists = names[name]["nm.exists"]
@@ -1979,7 +2003,7 @@ class Cmd_nm(Cmd):
idx, "ethtool.%s specified but not supported by NM", specified
)
- for option, _ in specified.items():
+ for option in specified.keys():
nm_name = nm_get_name_fcnt(option)
if not nm_name:
self.log_fatal(
diff --git a/module_utils/network_lsr/__init__.py b/module_utils/network_lsr/__init__.py
index 22c717c..e69de29 100644
--- a/module_utils/network_lsr/__init__.py
+++ b/module_utils/network_lsr/__init__.py
@@ -1,7 +0,0 @@
-#!/usr/bin/python3 -tt
-# vim: fileencoding=utf8
-# SPDX-License-Identifier: BSD-3-Clause
-
-
-class MyError(Exception):
- pass
diff --git a/module_utils/network_lsr/argument_validator.py b/module_utils/network_lsr/argument_validator.py
index 24ffdc4..f338489 100644
--- a/module_utils/network_lsr/argument_validator.py
+++ b/module_utils/network_lsr/argument_validator.py
@@ -2,12 +2,16 @@
# vim: fileencoding=utf8
# SPDX-License-Identifier: BSD-3-Clause
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import posixpath
import socket
import re
# pylint: disable=import-error, no-name-in-module
-from ansible.module_utils.network_lsr import MyError # noqa:E501
+from ansible.module_utils.network_lsr.myerror import MyError # noqa:E501
from ansible.module_utils.network_lsr.utils import Util # noqa:E501
UINT32_MAX = 0xFFFFFFFF
@@ -72,7 +76,8 @@ class ArgUtil:
class ValidationError(MyError):
def __init__(self, name, message):
- Exception.__init__(self, name + ": " + message)
+ # pylint: disable=non-parent-init-called
+ super(ValidationError, self).__init__(name + ": " + message)
self.error_message = message
self.name = name
diff --git a/module_utils/network_lsr/ethtool.py b/module_utils/network_lsr/ethtool.py
index 21e2152..3246bef 100644
--- a/module_utils/network_lsr/ethtool.py
+++ b/module_utils/network_lsr/ethtool.py
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: BSD-3-Clause
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import array
import struct
import fcntl
@@ -46,7 +50,7 @@ def get_perm_addr(ifname):
res = ecmd.tobytes()
except AttributeError: # tobytes() is not available in python2
res = ecmd.tostring()
- _, size, perm_addr = struct.unpack("II%is" % MAX_ADDR_LEN, res)
+ dummy, size, perm_addr = struct.unpack("II%is" % MAX_ADDR_LEN, res)
perm_addr = Util.mac_ntoa(perm_addr[:size])
except IOError:
perm_addr = None
diff --git a/module_utils/network_lsr/myerror.py b/module_utils/network_lsr/myerror.py
new file mode 100644
index 0000000..f785265
--- /dev/null
+++ b/module_utils/network_lsr/myerror.py
@@ -0,0 +1,11 @@
+#!/usr/bin/python3 -tt
+# vim: fileencoding=utf8
+# SPDX-License-Identifier: BSD-3-Clause
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class MyError(Exception):
+ pass
diff --git a/module_utils/network_lsr/nm/__init__.py b/module_utils/network_lsr/nm/__init__.py
index 58fbb5a..74c17cb 100644
--- a/module_utils/network_lsr/nm/__init__.py
+++ b/module_utils/network_lsr/nm/__init__.py
@@ -1,5 +1,9 @@
# Relative import is not support by ansible 2.8 yet
# pylint: disable=import-error, no-name-in-module
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
from ansible.module_utils.network_lsr.nm import provider # noqa:E501
# pylint: enable=import-error, no-name-in-module
diff --git a/module_utils/network_lsr/nm/active_connection.py b/module_utils/network_lsr/nm/active_connection.py
index a6c5a37..432142c 100644
--- a/module_utils/network_lsr/nm/active_connection.py
+++ b/module_utils/network_lsr/nm/active_connection.py
@@ -2,6 +2,10 @@
# Handle NM.ActiveConnection
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import logging
# Relative import is not support by ansible 2.8 yet
@@ -21,19 +25,15 @@ def deactivate_active_connection(nm_ac, timeout, check_mode):
return False
if not check_mode:
main_loop = client.get_mainloop(timeout)
- logging.debug(
- "Deactivating {id} with timeout {timeout}".format(
- id=nm_ac.get_id(), timeout=timeout
- )
- )
+ logging.debug("Deactivating %s with timeout %s", nm_ac.get_id(), timeout)
user_data = main_loop
handler_id = nm_ac.connect(
NM_AC_STATE_CHANGED_SIGNAL, _nm_ac_state_change_callback, user_data
)
logging.debug(
- "Registered {signal} on client.NM.ActiveConnection {id}".format(
- signal=NM_AC_STATE_CHANGED_SIGNAL, id=nm_ac.get_id()
- )
+ "Registered %s on client.NM.ActiveConnection %s",
+ NM_AC_STATE_CHANGED_SIGNAL,
+ nm_ac.get_id(),
)
if nm_ac.props.state != client.NM.ActiveConnectionState.DEACTIVATING:
nm_client = client.get_client()
@@ -44,9 +44,7 @@ def deactivate_active_connection(nm_ac, timeout, check_mode):
_nm_ac_deactivate_call_back,
user_data,
)
- logging.debug(
- "Deactivating client.NM.ActiveConnection {0}".format(nm_ac.get_id())
- )
+ logging.debug("Deactivating client.NM.ActiveConnection %s", nm_ac.get_id())
main_loop.run()
return True
@@ -56,14 +54,13 @@ def _nm_ac_state_change_callback(nm_ac, state, reason, user_data):
if main_loop.is_cancelled:
return
logging.debug(
- "Got client.NM.ActiveConnection state change: {id}: {state} {reason}".format(
- id=nm_ac.get_id(), state=state, reason=reason
- )
+ "Got client.NM.ActiveConnection state change: %s: %s %s",
+ nm_ac.get_id(),
+ state,
+ reason,
)
if nm_ac.props.state == client.NM.ActiveConnectionState.DEACTIVATED:
- logging.debug(
- "client.NM.ActiveConnection {0} is deactivated".format(nm_ac.get_id())
- )
+ logging.debug("client.NM.ActiveConnection %s is deactivated", nm_ac.get_id())
main_loop.quit()
@@ -82,9 +79,7 @@ def _nm_ac_deactivate_call_back(nm_client, result, user_data):
client.NM.ManagerError.quark(), client.NM.ManagerError.CONNECTIONNOTACTIVE
):
logging.info(
- "Connection is not active on {0}, no need to deactivate".format(
- nm_ac_id
- )
+ "Connection is not active on %s, no need to deactivate", nm_ac_id
)
if nm_ac:
nm_ac.handler_disconnect(handler_id)
diff --git a/module_utils/network_lsr/nm/client.py b/module_utils/network_lsr/nm/client.py
index 4992887..f47cc53 100644
--- a/module_utils/network_lsr/nm/client.py
+++ b/module_utils/network_lsr/nm/client.py
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: BSD-3-Clause
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import logging
# Relative import is not support by ansible 2.8 yet
diff --git a/module_utils/network_lsr/nm/connection.py b/module_utils/network_lsr/nm/connection.py
index 6982034..474da8d 100644
--- a/module_utils/network_lsr/nm/connection.py
+++ b/module_utils/network_lsr/nm/connection.py
@@ -2,6 +2,10 @@
# Handle NM.RemoteConnection
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import logging
# Relative import is not support by ansible 2.8 yet
@@ -26,9 +30,10 @@ def delete_remote_connection(nm_profile, timeout, check_mode):
user_data,
)
logging.debug(
- "Deleting profile {id}/{uuid} with timeout {timeout}".format(
- id=nm_profile.get_id(), uuid=nm_profile.get_uuid(), timeout=timeout
- )
+ "Deleting profile %s/%s with timeout %s",
+ nm_profile.get_id(),
+ nm_profile.get_uuid(),
+ timeout,
)
main_loop.run()
return True
@@ -78,9 +83,10 @@ def volatilize_remote_connection(nm_profile, timeout, check_mode):
user_data,
)
logging.debug(
- "Volatilizing profile {id}/{uuid} with timeout {timeout}".format(
- id=nm_profile.get_id(), uuid=nm_profile.get_uuid(), timeout=timeout
- )
+ "Volatilizing profile %s/%s with timeout %s",
+ nm_profile.get_id(),
+ nm_profile.get_uuid(),
+ timeout,
)
main_loop.run()
return True
diff --git a/module_utils/network_lsr/nm/error.py b/module_utils/network_lsr/nm/error.py
index 42014ec..d87bc72 100644
--- a/module_utils/network_lsr/nm/error.py
+++ b/module_utils/network_lsr/nm/error.py
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: BSD-3-Clause
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
class LsrNetworkNmError(Exception):
pass
diff --git a/module_utils/network_lsr/nm/provider.py b/module_utils/network_lsr/nm/provider.py
index 52e7502..567c9d1 100644
--- a/module_utils/network_lsr/nm/provider.py
+++ b/module_utils/network_lsr/nm/provider.py
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: BSD-3-Clause
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import logging
# Relative import is not support by ansible 2.8 yet
@@ -25,7 +29,7 @@ class NetworkManagerProvider:
nm_ac, timeout, check_mode
)
if not changed:
- logging.info("No active connection for {0}".format(connection_name))
+ logging.info("No active connection for %s", connection_name)
return changed
@@ -49,7 +53,7 @@ class NetworkManagerProvider:
nm_profile, timeout, check_mode
)
if not changed:
- logging.info("No connection with UUID {0} to volatilize".format(uuid))
+ logging.info("No connection with UUID %s to volatilize", uuid)
return changed
diff --git a/module_utils/network_lsr/nm_provider.py b/module_utils/network_lsr/nm_provider.py
index c75242a..d6168eb 100644
--- a/module_utils/network_lsr/nm_provider.py
+++ b/module_utils/network_lsr/nm_provider.py
@@ -1,6 +1,10 @@
# SPDX-License-Identifier: BSD-3-Clause
""" Support for NetworkManager aka the NM provider """
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
# pylint: disable=import-error, no-name-in-module
from ansible.module_utils.network_lsr.utils import Util # noqa:E501
diff --git a/module_utils/network_lsr/utils.py b/module_utils/network_lsr/utils.py
index 73d9528..bc258fe 100644
--- a/module_utils/network_lsr/utils.py
+++ b/module_utils/network_lsr/utils.py
@@ -2,18 +2,23 @@
# SPDX-License-Identifier: BSD-3-Clause
# vim: fileencoding=utf8
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
import socket
import sys
import uuid
# pylint: disable=import-error, no-name-in-module
-from ansible.module_utils.network_lsr import MyError # noqa:E501
+from ansible.module_utils.network_lsr.myerror import MyError # noqa:E501
class Util:
PY3 = sys.version_info[0] == 3
+ # pylint: disable=undefined-variable
STRING_TYPE = str if PY3 else basestring # noqa:F821
@staticmethod
@@ -241,7 +246,8 @@ class Util:
n = int(c, 16) * 16
i = 1
else:
- assert i == 1
+ if not i == 1:
+ raise AssertionError("i != 1 - value is {0}".format(i))
n = n + int(c, 16)
i = 2
b.append(n)
diff --git a/tests/ensure_provider_tests.py b/tests/ensure_provider_tests.py
index 3620729..4e45e6a 100755
--- a/tests/ensure_provider_tests.py
+++ b/tests/ensure_provider_tests.py
@@ -73,8 +73,6 @@ NM_ONLY_TESTS = {
MINIMUM_VERSION: "'1.25.1'",
"comment": "# NetworkManager 1.25.1 introduced ethtool coalesce support",
},
- "playbooks/tests_802_1x_updated.yml": {},
- "playbooks/tests_802_1x.yml": {},
"playbooks/tests_reapply.yml": {},
# team interface is not supported on Fedora
"playbooks/tests_team.yml": {
@@ -117,9 +115,7 @@ def create_nm_playbook(test_playbook):
EXTRA_RUN_CONDITION, ""
)
if extra_run_condition:
- extra_run_condition = "{}{}\n".format(
- EXTRA_RUN_CONDITION_PREFIX, extra_run_condition
- )
+ extra_run_condition = f"{EXTRA_RUN_CONDITION_PREFIX}{extra_run_condition}\n"
nm_version_check = ""
if minimum_nm_version:
@@ -212,7 +208,7 @@ def main():
if missing:
print("ERROR: No NM or initscripts tests found for:\n" + ", \n".join(missing))
- print("Try to generate them with '{} generate'".format(sys.argv[0]))
+ print(f"Try to generate them with '{sys.argv[0]} generate'")
returncode = 1
return returncode
diff --git a/tests/get_coverage.sh b/tests/get_coverage.sh
index 858a8cf..4524fab 100755
--- a/tests/get_coverage.sh
+++ b/tests/get_coverage.sh
@@ -19,7 +19,6 @@ shift
playbook="${1}"
coverage_data="remote-coveragedata-${host}-${playbook%.yml}"
-coverage="/root/.local/bin/coverage"
echo "Getting coverage for ${playbook} on ${host}" >&2
@@ -32,10 +31,15 @@ call_ansible() {
}
remote_coverage_dir="$(mktemp -d /tmp/remote_coverage-XXXXXX)"
+# we want to expand ${remote_coverage_dir} here, so tell SC to be quiet
+# https://github.com/koalaman/shellcheck/wiki/SC2064
+# shellcheck disable=SC2064
trap "rm -rf '${remote_coverage_dir}'" EXIT
ansible-playbook -i "${host}", get_coverage.yml -e "test_playbook=${playbook} destdir=${remote_coverage_dir}"
#COVERAGE_FILE=remote-coverage coverage combine remote-coverage/tests_*/*/root/.coverage
+# https://github.com/koalaman/shellcheck/wiki/SC2046
+# shellcheck disable=SC2046
./merge_coverage.sh coverage "${coverage_data}"-tmp $(find "${remote_coverage_dir}" -type f | tr , _)
cat > tmp_merge_coveragerc <<EOF
diff --git a/tests/get_total_coverage.sh b/tests/get_total_coverage.sh
index ca61746..6413b18 100755
--- a/tests/get_total_coverage.sh
+++ b/tests/get_total_coverage.sh
@@ -12,7 +12,7 @@ then
exit 1
fi
-rm -f remote-coveragedata* "${coveragedata}"
+rm -f remote-coveragedata* "${coverage_data}"
# collect pytest coverage
diff --git a/tests/integration/test_ethernet.py b/tests/integration/test_ethernet.py
index d104d23..4fc7417 100644
--- a/tests/integration/test_ethernet.py
+++ b/tests/integration/test_ethernet.py
@@ -25,10 +25,10 @@ with mock.patch.dict(
class PytestRunEnvironment(nc.RunEnvironment):
def log(self, connections, idx, severity, msg, **kwargs):
if severity == nc.LogLevel.ERROR:
- logging.error("Error: {}".format(connections[idx]))
+ logging.error("Error: %s", connections[idx])
raise RuntimeError(msg)
else:
- logging.debug("Log: {}".format(connections[idx]))
+ logging.debug("Log: %s", connections[idx])
def run_command(self, argv, encoding=None):
command = subprocess.Popen(
diff --git a/tests/merge_coverage.sh b/tests/merge_coverage.sh
index a33e94d..61fcd00 100755
--- a/tests/merge_coverage.sh
+++ b/tests/merge_coverage.sh
@@ -23,6 +23,9 @@ export COVERAGE_FILE="${1}"
shift
tempdir="$(mktemp -d /tmp/coverage_merge-XXXXXX)"
+# we want to expand ${tempdir} here, so tell SC to be quiet
+# https://github.com/koalaman/shellcheck/wiki/SC2064
+# shellcheck disable=SC2064
trap "rm -rf '${tempdir}'" EXIT
cp --backup=numbered -- "${@}" "${tempdir}"
diff --git a/tests/setup_module_utils.sh b/tests/setup_module_utils.sh
deleted file mode 100755
index 18d6a00..0000000
--- a/tests/setup_module_utils.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: MIT
-
-set -euo pipefail
-
-if [ -n "${DEBUG:-}" ] ; then
- set -x
-fi
-
-if [ ! -d "${1:-}" ] ; then
- echo Either ansible is not installed, or there is no ansible/module_utils
- echo in $1 - Skipping
- exit 0
-fi
-
-if [ ! -d "${2:-}" ] ; then
- echo Role has no module_utils - Skipping
- exit 0
-fi
-
-# we need absolute path for $2
-absmoddir=$( readlink -f "$2" )
-
-# clean up old links to module_utils
-for item in "$1"/* ; do
- if lnitem=$( readlink "$item" ) && test -n "$lnitem" ; then
- case "$lnitem" in
- *"${2}"*) rm -f "$item" ;;
- esac
- fi
-done
-
-# add new links to module_utils
-for item in "$absmoddir"/* ; do
- case "$item" in
- *__pycache__) continue;;
- *.pyc) continue;;
- esac
- bnitem=$( basename "$item" )
- ln -s "$item" "$1/$bnitem"
-done
diff --git a/tox.ini b/tox.ini
index 6ff26e7..59c58a2 100644
--- a/tox.ini
+++ b/tox.ini
@@ -17,6 +17,3 @@ setenv =
RUN_PYTEST_EXTRA_ARGS = -v
RUN_FLAKE8_EXTRA_ARGS = --exclude tests/ensure_provider_tests.py,scripts/print_all_options.py,tests/network/ensure_provider_tests.py,.svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg
LSR_PUBLISH_COVERAGE = normal
-
-[testenv:shellcheck]
-commands = bash -c 'echo shellcheck is currently not enabled - please fix this'
--
2.30.2

48
SOURCES/network-disable-bondtests.diff Normal file
View File

@ -0,0 +1,48 @@
diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
index d646a0b..8689d59 100644
--- a/tests/playbooks/tests_bond_deprecated.yml
+++ b/tests/playbooks/tests_bond_deprecated.yml
@@ -8,6 +8,8 @@
dhcp_interface1: test1
slave2_profile: bond0.1
dhcp_interface2: test2
+ tags:
+ - "tests::expfail"
tasks:
- name: "INIT Prepare setup"
debug:
diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
index 8fa74c5..6a231c4 100644
--- a/tests/tests_bond_deprecated_initscripts.yml
+++ b/tests/tests_bond_deprecated_initscripts.yml
@@ -9,5 +9,6 @@
network_provider: initscripts
tags:
- always
+ - "tests::expfail"
- import_playbook: playbooks/tests_bond_deprecated.yml
diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
index d646a0b..8689d59 100644
--- a/tests/playbooks/tests_bond.yml
+++ b/tests/playbooks/tests_bond.yml
@@ -13,6 +13,8 @@
dhcp_interface1: test1
port2_profile: bond0.1
dhcp_interface2: test2
+ tags:
+ - "tests::expfail"
tasks:
- name: "INIT Prepare setup"
debug:
diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
index 8fa74c5..6a231c4 100644
--- a/tests/tests_bond_initscripts.yml
+++ b/tests/tests_bond_initscripts.yml
@@ -9,5 +9,6 @@
network_provider: initscripts
tags:
- always
+ - "tests::expfail"
- import_playbook: playbooks/tests_bond.yml

401
SOURCES/network-epel-minimal.diff Normal file
View File

@ -0,0 +1,401 @@
diff --git a/tests/playbooks/integration_pytest_python3.yml b/tests/playbooks/integration_pytest_python3.yml
index 075355b..5fc9dea 100644
--- a/tests/playbooks/integration_pytest_python3.yml
+++ b/tests/playbooks/integration_pytest_python3.yml
@@ -9,6 +9,11 @@
- rsync
tasks:
+ - name: Install EPEL for RHEL and CentOS
+ # yamllint disable-line rule:line-length
+ command: "yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
+ when: ansible_distribution in ["CentOS", "RedHat"]
+
- name: Install rpm dependencies
package:
state: present
diff --git a/tests/tasks/el_repo_setup.yml b/tests/tasks/el_repo_setup.yml
deleted file mode 100644
index 0656e8c..0000000
--- a/tests/tasks/el_repo_setup.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# SPDX-License-Identifier: BSD-3-Clause
-- name: Fix CentOS6 Base repo
- copy:
- dest: /etc/yum.repos.d/CentOS-Base.repo
- content: |
- [base]
- name=CentOS-$releasever - Base
- baseurl=https://vault.centos.org/6.10/os/$basearch/
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-
- [updates]
- name=CentOS-$releasever - Updates
- baseurl=https://vault.centos.org/6.10/updates/$basearch/
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
-
- [extras]
- name=CentOS-$releasever - Extras
- baseurl=https://vault.centos.org/6.10/extras/$basearch/
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
- when:
- - ansible_distribution == 'CentOS'
- - ansible_distribution_major_version == '6'
-- include_tasks: enable_epel.yml
diff --git a/tests/tasks/setup_802_1x_server.yml b/tests/tasks/setup_802_1x_server.yml
index 49d1ce1..3bf16a9 100644
--- a/tests/tasks/setup_802_1x_server.yml
+++ b/tests/tasks/setup_802_1x_server.yml
@@ -1,5 +1,7 @@
# SPDX-License-Identifier: BSD-3-Clause
---
+- include_tasks: enable_epel.yml
+
- name: Install hostapd
package:
name: hostapd
diff --git a/tests/tasks/setup_mock_wifi.yml b/tests/tasks/setup_mock_wifi.yml
index 997b704..d7a1e22 100644
--- a/tests/tasks/setup_mock_wifi.yml
+++ b/tests/tasks/setup_mock_wifi.yml
@@ -1,5 +1,7 @@
# SPDX-License-Identifier: BSD-3-Clause
---
+- include_tasks: enable_epel.yml
+
- name: Install packages required to set up mock wifi network
package:
name:
diff --git a/tests/tests_802_1x_nm.yml b/tests/tests_802_1x_nm.yml
index a27d8ea..288cd5d 100644
--- a/tests/tests_802_1x_nm.yml
+++ b/tests/tests_802_1x_nm.yml
@@ -5,7 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_802_1x.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_802_1x_updated_nm.yml b/tests/tests_802_1x_updated_nm.yml
index 5a25f5b..bd335e4 100644
--- a/tests/tests_802_1x_updated_nm.yml
+++ b/tests/tests_802_1x_updated_nm.yml
@@ -5,7 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_802_1x_updated.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_bond_deprecated_initscripts.yml b/tests/tests_bond_deprecated_initscripts.yml
index 1e74bcc..383b488 100644
--- a/tests/tests_bond_deprecated_initscripts.yml
+++ b/tests/tests_bond_deprecated_initscripts.yml
@@ -4,7 +4,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_bond_deprecated.yml' with initscripts
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
index 32fcc32..8fa74c5 100644
--- a/tests/tests_bond_initscripts.yml
+++ b/tests/tests_bond_initscripts.yml
@@ -4,7 +4,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_bond.yml' with initscripts as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_bond_nm.yml b/tests/tests_bond_nm.yml
index 7075d95..8ac6cbd 100644
--- a/tests/tests_bond_nm.yml
+++ b/tests/tests_bond_nm.yml
@@ -5,7 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_bond.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_bridge_initscripts.yml b/tests/tests_bridge_initscripts.yml
index 8ce42e6..db5663c 100644
--- a/tests/tests_bridge_initscripts.yml
+++ b/tests/tests_bridge_initscripts.yml
@@ -4,7 +4,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_bridge.yml' with initscripts as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_bridge_nm.yml b/tests/tests_bridge_nm.yml
index 3d1b53a..c565952 100644
--- a/tests/tests_bridge_nm.yml
+++ b/tests/tests_bridge_nm.yml
@@ -5,7 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_bridge.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_default.yml b/tests/tests_default.yml
index e196314..f6f7550 100644
--- a/tests/tests_default.yml
+++ b/tests/tests_default.yml
@@ -5,7 +5,6 @@
roles:
- linux-system-roles.network
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Test warning and info logs
assert:
that:
diff --git a/tests/tests_default_initscripts.yml b/tests/tests_default_initscripts.yml
index 006889c..cc8b875 100644
--- a/tests/tests_default_initscripts.yml
+++ b/tests/tests_default_initscripts.yml
@@ -2,7 +2,6 @@
---
- hosts: all
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_default_nm.yml b/tests/tests_default_nm.yml
index 54bc3e1..8138ca9 100644
--- a/tests/tests_default_nm.yml
+++ b/tests/tests_default_nm.yml
@@ -2,7 +2,6 @@
---
- hosts: all
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_ethernet_initscripts.yml b/tests/tests_ethernet_initscripts.yml
index 366b052..62e75fe 100644
--- a/tests/tests_ethernet_initscripts.yml
+++ b/tests/tests_ethernet_initscripts.yml
@@ -4,8 +4,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_ethernet.yml' with initscripts as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_ethernet_nm.yml b/tests/tests_ethernet_nm.yml
index 238172d..ecefa14 100644
--- a/tests/tests_ethernet_nm.yml
+++ b/tests/tests_ethernet_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_ethernet.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_ethtool_features_initscripts.yml b/tests/tests_ethtool_features_initscripts.yml
index 5bac5d3..6aea73b 100644
--- a/tests/tests_ethtool_features_initscripts.yml
+++ b/tests/tests_ethtool_features_initscripts.yml
@@ -2,7 +2,6 @@
# set network provider and gather facts
- hosts: all
tasks:
- - include_tasks: tasks/el_repo_setup.yml
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_ethtool_features_nm.yml b/tests/tests_ethtool_features_nm.yml
index 2027862..30c6faa 100644
--- a/tests/tests_ethtool_features_nm.yml
+++ b/tests/tests_ethtool_features_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_ethtool_features.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_helpers_and_asserts.yml b/tests/tests_helpers_and_asserts.yml
index 64e2875..5514182 100644
--- a/tests/tests_helpers_and_asserts.yml
+++ b/tests/tests_helpers_and_asserts.yml
@@ -3,8 +3,6 @@
- name: Check that creating and removing test devices and assertions work
hosts: all
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: test veth interface management
include_tasks: tasks/create_and_remove_interface.yml
vars:
diff --git a/tests/tests_integration_pytest.yml b/tests/tests_integration_pytest.yml
index 9b80bd4..153214d 100644
--- a/tests/tests_integration_pytest.yml
+++ b/tests/tests_integration_pytest.yml
@@ -1,8 +1,7 @@
# SPDX-License-Identifier: BSD-3-Clause
---
-- hosts: all
- tasks:
- - include_tasks: tasks/el_repo_setup.yml
+- name: Empty play to gather facts
+ hosts: all
- import_playbook: playbooks/integration_pytest_python3.yml
when: (ansible_distribution in ["CentOS", "RedHat"] and
diff --git a/tests/tests_provider_nm.yml b/tests/tests_provider_nm.yml
index 67fcffe..99306a1 100644
--- a/tests/tests_provider_nm.yml
+++ b/tests/tests_provider_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_provider.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_reapply_nm.yml b/tests/tests_reapply_nm.yml
index eb48ddb..69fb208 100644
--- a/tests/tests_reapply_nm.yml
+++ b/tests/tests_reapply_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_reapply.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_regression_nm.yml b/tests/tests_regression_nm.yml
index b2c46e9..9eb8084 100644
--- a/tests/tests_regression_nm.yml
+++ b/tests/tests_regression_nm.yml
@@ -3,8 +3,6 @@
# set network provider and gather facts
- hosts: all
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_states_initscripts.yml b/tests/tests_states_initscripts.yml
index fa94103..3e55a43 100644
--- a/tests/tests_states_initscripts.yml
+++ b/tests/tests_states_initscripts.yml
@@ -4,8 +4,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_states.yml' with initscripts as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_states_nm.yml b/tests/tests_states_nm.yml
index 34c8a24..3164a3a 100644
--- a/tests/tests_states_nm.yml
+++ b/tests/tests_states_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_states.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_team_nm.yml b/tests/tests_team_nm.yml
index 8048029..0516765 100644
--- a/tests/tests_team_nm.yml
+++ b/tests/tests_team_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_team.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_unit.yml b/tests/tests_unit.yml
index 44dfaec..8c5388b 100644
--- a/tests/tests_unit.yml
+++ b/tests/tests_unit.yml
@@ -3,7 +3,7 @@
- hosts: all
name: Setup for test running
tasks:
- - include_tasks: tasks/el_repo_setup.yml
+ - include_tasks: tasks/enable_epel.yml
- name: Install dependencies
package:
diff --git a/tests/tests_vlan_mtu_initscripts.yml b/tests/tests_vlan_mtu_initscripts.yml
index dcd5d74..37770a9 100644
--- a/tests/tests_vlan_mtu_initscripts.yml
+++ b/tests/tests_vlan_mtu_initscripts.yml
@@ -4,8 +4,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_vlan_mtu.yml' with initscripts as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'initscripts'
set_fact:
network_provider: initscripts
diff --git a/tests/tests_vlan_mtu_nm.yml b/tests/tests_vlan_mtu_nm.yml
index c38263c..f201de3 100644
--- a/tests/tests_vlan_mtu_nm.yml
+++ b/tests/tests_vlan_mtu_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_vlan_mtu.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
diff --git a/tests/tests_wireless_nm.yml b/tests/tests_wireless_nm.yml
index 03b5ad6..86baf67 100644
--- a/tests/tests_wireless_nm.yml
+++ b/tests/tests_wireless_nm.yml
@@ -5,8 +5,6 @@
- hosts: all
name: Run playbook 'playbooks/tests_wireless.yml' with nm as provider
tasks:
- - include_tasks: tasks/el_repo_setup.yml
-
- name: Set network provider to 'nm'
set_fact:
network_provider: nm

35
SOURCES/network-pr353.diff Normal file
View File

@ -0,0 +1,35 @@
From f4fabea55429077c2a4e94fe8015c4ab57f58ff3 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Mon, 15 Feb 2021 11:02:55 +0100
Subject: [PATCH] README: remove "slaves" leftover from documentation
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 6b15673..06a8b1b 100644
--- a/README.md
+++ b/README.md
@@ -300,7 +300,7 @@ different or the profile may not be tied to an interface at all.
The `zone` option sets the firewalld zone for the interface.
-Slaves to the bridge, bond or team devices cannot specify a zone.
+Ports to the bridge, bond or team devices cannot specify a zone.
### `ip`
@@ -367,7 +367,7 @@ The IP configuration supports the following options:
**Note:** When `route_append_only` or `rule_append_only` is not specified, the `network` role deletes the current routes or routing rules.
-**Note:** Slaves to the bridge, bond or team devices cannot specify `ip` settings.
+**Note:** Ports to the bridge, bond or team devices cannot specify `ip` settings.
### `ethtool`
--
2.29.2

14
SOURCES/network-tier1-tags.diff
View File

@ -23,7 +23,7 @@ index 9cce1ae..76d99e9 100644
+ tasks:
+ - import_tasks: tasks/restore_state.yml
diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
index ab3ee43..d646a0b 100644
index 69f07f8..1e45788 100644
--- a/tests/playbooks/tests_bond.yml
+++ b/tests/playbooks/tests_bond.yml
@@ -1,5 +1,10 @@
@ -36,8 +36,8 @@ index ab3ee43..d646a0b 100644
+
- hosts: all
vars:
master_profile: bond0
@@ -94,3 +99,8 @@
controller_profile: bond0
@@ -95,3 +100,8 @@
- import_tasks: tasks/remove_test_interfaces_with_dhcp.yml
tags:
- "tests::cleanup"
@ -457,7 +457,7 @@ index 0000000..5690aed
+ register: etc_sysconfig_network_stat
+ ignore_errors: yes
diff --git a/tests/tests_802_1x_nm.yml b/tests/tests_802_1x_nm.yml
index 3bd0719..77cf2d9 100644
index 288cd5d..840958d 100644
--- a/tests/tests_802_1x_nm.yml
+++ b/tests/tests_802_1x_nm.yml
@@ -4,6 +4,8 @@
@ -469,14 +469,14 @@ index 3bd0719..77cf2d9 100644
tasks:
- name: Set network provider to 'nm'
set_fact:
@@ -21,3 +23,5 @@
@@ -17,3 +19,5 @@
- import_playbook: playbooks/tests_802_1x.yml
when:
- ansible_distribution_major_version != '6'
+ tags:
+ - tests::expfail
diff --git a/tests/tests_802_1x_updated_nm.yml b/tests/tests_802_1x_updated_nm.yml
index 0d4c741..ca666a6 100644
index bd335e4..4ebcaf9 100644
--- a/tests/tests_802_1x_updated_nm.yml
+++ b/tests/tests_802_1x_updated_nm.yml
@@ -4,6 +4,8 @@
@ -488,7 +488,7 @@ index 0d4c741..ca666a6 100644
tasks:
- name: Set network provider to 'nm'
set_fact:
@@ -21,3 +23,5 @@
@@ -17,3 +19,5 @@
- import_playbook: playbooks/tests_802_1x_updated.yml
when:
- ansible_distribution_major_version != '6'

4
SOURCES/rhel-system-roles-kdump-pr22.diff
View File

@ -44,10 +44,10 @@ index bf24210..504ff34 100644
path {{ kdump_path }}
{% if kdump_core_collector %}
diff --git a/tests/tests_ssh.yml b/tests/tests_ssh.yml
index 679148e..14a59d9 100644
index 1da99df..d12e884 100644
--- a/tests/tests_ssh.yml
+++ b/tests/tests_ssh.yml
@@ -6,6 +6,11 @@
@@ -5,6 +5,11 @@
# known and ansible is supposed to be configured to be able to
# connect to it (via inventory).
kdump_ssh_server_outside: localhost

148
SOURCES/rhel-system-roles-network-prefix.diff
View File

@ -1,148 +0,0 @@
diff --git a/examples/bond_simple.yml b/examples/bond_simple.yml
index 4ca9811..f6f5897 100644
--- a/examples/bond_simple.yml
+++ b/examples/bond_simple.yml
@@ -32,5 +32,5 @@
interface_name: eth2
master: bond0
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
...
diff --git a/examples/bond_with_vlan.yml b/examples/bond_with_vlan.yml
index 2e6be23..3b7a6dc 100644
--- a/examples/bond_with_vlan.yml
+++ b/examples/bond_with_vlan.yml
@@ -35,4 +35,4 @@
- "192.0.2.{{ network_iphost }}/24"
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/bridge_with_vlan.yml b/examples/bridge_with_vlan.yml
index 037ff8e..83c586d 100644
--- a/examples/bridge_with_vlan.yml
+++ b/examples/bridge_with_vlan.yml
@@ -33,4 +33,4 @@
- "192.0.2.{{ network_iphost }}/24"
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/eth_simple_auto.yml b/examples/eth_simple_auto.yml
index 0ba168a..e4c4a54 100644
--- a/examples/eth_simple_auto.yml
+++ b/examples/eth_simple_auto.yml
@@ -15,4 +15,4 @@
mtu: 1450
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/eth_with_802_1x.yml b/examples/eth_with_802_1x.yml
index 92a93a9..7731b7d 100644
--- a/examples/eth_with_802_1x.yml
+++ b/examples/eth_with_802_1x.yml
@@ -27,4 +27,4 @@
- client.pem
- cacert.pem
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/eth_with_vlan.yml b/examples/eth_with_vlan.yml
index 69da673..e0c2f11 100644
--- a/examples/eth_with_vlan.yml
+++ b/examples/eth_with_vlan.yml
@@ -26,4 +26,4 @@
- "192.0.2.{{ network_iphost }}/24"
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/ethtool_features.yml b/examples/ethtool_features.yml
index c580f89..0881316 100644
--- a/examples/ethtool_features.yml
+++ b/examples/ethtool_features.yml
@@ -3,7 +3,7 @@
- hosts: all
tasks:
- include_role:
- name: linux-system-roles.network
+ name: rhel-system-roles.network
vars:
network_connections:
- name: "{{ network_interface_name1 }}"
diff --git a/examples/ethtool_features_default.yml b/examples/ethtool_features_default.yml
index 78965e6..3cdd731 100644
--- a/examples/ethtool_features_default.yml
+++ b/examples/ethtool_features_default.yml
@@ -3,7 +3,7 @@
- hosts: all
tasks:
- include_role:
- name: linux-system-roles.network
+ name: rhel-system-roles.network
vars:
network_connections:
- name: "{{ network_interface_name1 }}"
diff --git a/examples/infiniband.yml b/examples/infiniband.yml
index 22603d9..9e7e267 100644
--- a/examples/infiniband.yml
+++ b/examples/infiniband.yml
@@ -23,4 +23,4 @@
- 198.51.100.133/30
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/macvlan.yml b/examples/macvlan.yml
index 90cd09d..0064ad4 100644
--- a/examples/macvlan.yml
+++ b/examples/macvlan.yml
@@ -26,4 +26,4 @@
- 192.168.1.1/24
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/examples/remove+down_profile.yml b/examples/remove+down_profile.yml
index da2b1b8..f2d93e8 100644
--- a/examples/remove+down_profile.yml
+++ b/examples/remove+down_profile.yml
@@ -8,5 +8,5 @@
persistent_state: absent
state: down
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
...
diff --git a/examples/wireless_wpa_psk.yml b/examples/wireless_wpa_psk.yml
index eeec22f..60b0d83 100644
--- a/examples/wireless_wpa_psk.yml
+++ b/examples/wireless_wpa_psk.yml
@@ -12,4 +12,4 @@
# see https://docs.ansible.com/ansible/latest/user_guide/vault.html
password: "p@55w0rD"
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/tests/playbooks/down_profile.yml b/tests/playbooks/down_profile.yml
index 5087240..65e542d 100644
--- a/tests/playbooks/down_profile.yml
+++ b/tests/playbooks/down_profile.yml
@@ -7,4 +7,4 @@
- name: "{{ profile }}"
state: down
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network
diff --git a/tests/playbooks/remove_profile.yml b/tests/playbooks/remove_profile.yml
index a50e848..b6e6796 100644
--- a/tests/playbooks/remove_profile.yml
+++ b/tests/playbooks/remove_profile.yml
@@ -7,4 +7,4 @@
- name: "{{ profile }}"
persistent_state: absent
roles:
- - linux-system-roles.network
+ - rhel-system-roles.network

40
SOURCES/rhel-system-roles-postfix-prefix.diff
View File

@ -1,40 +0,0 @@
diff --git a/README.md b/README.md
index 5950215..a59d72f 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ Install and enable postfix. Configure "relay_domains=$mydestination" and
relay_domains: "$mydestination"
relay_host: "example.com"
roles:
- - postfix
+ - linux-system-roles.postfix
```
Install and enable postfix. Do not run 'postfix check' before restarting
@@ -37,7 +37,7 @@ postfix:
vars:
postfix_check: false
roles:
- - postfix
+ - linux-system-roles.postfix
```
Install and enable postfix. Do single backup of main.cf (older backup will be
@@ -51,7 +51,7 @@ rewritten) and configure "relay_host=example.com":
relay_host: "example.com"
postfix_backup: true
roles:
- - postfix
+ - linux-system-roles.postfix
```
Install and enable postfix. Do timestamped backup of main.cf and
@@ -66,7 +66,7 @@ set to true postfix_backup is ignored):
relay_host: "example.com"
postfix_backup_multiple: true
roles:
- - postfix
+ - linux-system-roles.postfix
```

32
SOURCES/rhel-system-roles-selinux-prefix.diff
View File

@ -1,32 +0,0 @@
diff --git a/README.md b/README.md
index a0385b0..6efc62d 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ This role can be configured using variab
vars:
[ see below ]
roles:
- - role: linux-system-roles.selinux
+ - role: rhel-system-roles.selinux
become: true
```
diff --git a/selinux-playbook.yml b/selinux-playbook.yml
index 78d3953..b2348d5 100644
--- a/selinux-playbook.yml
+++ b/selinux-playbook.yml
@@ -31,7 +31,7 @@
- name: execute the role and catch errors
block:
- include_role:
- name: linux-system-roles.selinux
+ name: rhel-system-roles.selinux
rescue:
# Fail if failed for a different reason than selinux_reboot_required.
- name: handle errors
@@ -52,4 +52,4 @@
- name: reapply the role
include_role:
- name: linux-system-roles.selinux
+ name: rhel-system-roles.selinux

13
SOURCES/rhel-system-roles-storage-prefix.diff
View File

@ -1,13 +0,0 @@
diff --git a/README.md b/README.md
index c2debc9..d9e40b3 100644
--- a/README.md
+++ b/README.md
@@ -154,7 +154,7 @@ Example Playbook
- hosts: all
roles:
- - name: linux-system-roles.storage
+ - name: rhel-system-roles.storage
storage_pools:
- name: app
disks:

46
SOURCES/rhel-system-roles-timesync-prefix.diff
View File

@ -1,46 +0,0 @@
diff -up timesync-1.0.0/README.md.orig timesync-1.0.0/README.md
--- timesync-1.0.0/README.md.orig 2018-08-21 11:46:41.000000000 +0200
+++ timesync-1.0.0/README.md 2018-11-06 22:29:14.586770442 +0100
@@ -82,7 +82,7 @@ Install and configure ntp to synchronize
- hostname: baz.example.com
iburst: yes
roles:
- - linux-system-roles.timesync
+ - rhel-system-roles.timesync
```
Install and configure linuxptp to synchronize the system clock with a
@@ -95,7 +95,7 @@ grandmaster in PTP domain number 0, whic
- number: 0
interfaces: [ eth0 ]
roles:
- - linux-system-roles.timesync
+ - rhel-system-roles.timesync
```
Install and configure chrony and linuxptp to synchronize the system clock with
@@ -122,5 +122,5 @@ synchronization:
transport: UDPv4
delay: 0.000010
roles:
- - linux-system-roles.timesync
+ - rhel-system-roles.timesync
```
diff -up timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/multiple-ntp-servers.yml.orig timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/multiple-ntp-servers.yml
--- timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/multiple-ntp-servers.yml.orig 2019-06-03 18:03:18.081868584 +0200
+++ timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/multiple-ntp-servers.yml 2019-06-03 18:03:26.718704991 +0200
@@ -11,4 +11,4 @@
- hostname: 3.pool.ntp.org
iburst: yes
roles:
- - linux-system-roles.timesync
+ - rhel-system-roles.timesync
diff -up timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/single-pool.yml.orig timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/single-pool.yml
--- timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/single-pool.yml.orig 2019-06-03 16:36:40.000000000 +0200
+++ timesync-85b90feedee2a5b3148fd3f72b229b44ec597682/examples/single-pool.yml 2019-06-03 18:03:36.721515519 +0200
@@ -6,4 +6,4 @@
pool: yes
iburst: yes
roles:
- - linux-system-roles.timesync
+ - rhel-system-roles.timesync

164
SOURCES/selinux-ansible-test-issues.diff Normal file
View File

@ -0,0 +1,164 @@
From 9cbbc3f63052bef0b6a697e066e092a5f9722ce8 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon, 22 Feb 2021 17:11:05 -0800
Subject: [PATCH] Patch23: selinux-ansible-test-issues.diff
---
.sanity-ansible-ignore-2.10.txt | 2 ++
.sanity-ansible-ignore-2.9.txt | 2 ++
library/selogin.py | 26 ++++++++++-----------
tests/setup_module_utils.sh | 41 ---------------------------------
4 files changed, 16 insertions(+), 55 deletions(-)
create mode 100644 .sanity-ansible-ignore-2.10.txt
create mode 100644 .sanity-ansible-ignore-2.9.txt
delete mode 100755 tests/setup_module_utils.sh
diff --git a/.sanity-ansible-ignore-2.10.txt b/.sanity-ansible-ignore-2.10.txt
new file mode 100644
index 0000000..5f8ce1e
--- /dev/null
+++ b/.sanity-ansible-ignore-2.10.txt
@@ -0,0 +1,2 @@
+plugins/modules/selogin.py no-get-exception
+plugins/modules/selogin.py validate-modules!skip
diff --git a/.sanity-ansible-ignore-2.9.txt b/.sanity-ansible-ignore-2.9.txt
new file mode 100644
index 0000000..5f8ce1e
--- /dev/null
+++ b/.sanity-ansible-ignore-2.9.txt
@@ -0,0 +1,2 @@
+plugins/modules/selogin.py no-get-exception
+plugins/modules/selogin.py validate-modules!skip
diff --git a/library/selogin.py b/library/selogin.py
index b785c27..6e3fd32 100644
--- a/library/selogin.py
+++ b/library/selogin.py
@@ -15,6 +15,9 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
ANSIBLE_METADATA = {
"status": ["preview"],
@@ -22,13 +25,14 @@ ANSIBLE_METADATA = {
"version": "1.0",
}
-DOCUMENTATION = """
+DOCUMENTATION = r"""
---
module: selogin
short_description: Manages linux user to SELinux user mapping
description:
- - Manages linux user to SELinux user mapping
-version_added: "1.0"
+ - "WARNING: Do not use this module directly! It is only for role internal use."
+ - Manages linux user to SELinux user mapping
+version_added: '1.0'
options:
login:
description:
@@ -41,8 +45,7 @@ options:
required: true
default: null
serange:
- description:
- - >-
+ description: >
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login
mapping - defaults to the SELinux user record range.
required: false
@@ -62,8 +65,9 @@ notes:
- The changes are persistent across reboots
- Not tested on any debian based system
requirements: [ 'libselinux-python', 'policycoreutils-python' ]
-author: Dan Keder
-author: Petr Lautrbach
+author:
+ - Dan Keder (@dkeder)
+ - Petr Lautrbach (@bachradsusi)
"""
EXAMPLES = """
@@ -82,7 +86,7 @@ EXAMPLES = """
# Assign all users in the engineering group to the staff_u user
- selogin:
- login: %engineering
+ login: "%engineering"
seuser: staff_u
state: present
"""
@@ -198,9 +202,6 @@ def semanage_login_add(module, login, seuser, do_reload, serange="s0", sestore="
except KeyError:
e = get_exception()
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
- except OSError:
- e = get_exception()
- module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
except RuntimeError:
e = get_exception()
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
@@ -248,9 +249,6 @@ def semanage_login_del(module, login, seuser, do_reload, sestore=""):
except KeyError:
e = get_exception()
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
- except OSError:
- e = get_exception()
- module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
except RuntimeError:
e = get_exception()
module.fail_json(msg="%s: %s\n" % (e.__class__.__name__, str(e)))
diff --git a/tests/setup_module_utils.sh b/tests/setup_module_utils.sh
deleted file mode 100755
index 94d102d..0000000
--- a/tests/setup_module_utils.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: MIT
-
-set -euo pipefail
-
-if [ -n "${DEBUG:-}" ] ; then
- set -x
-fi
-
-if [ ! -d "${1:-}" ] ; then
- echo Either ansible is not installed, or there is no ansible/module_utils
- echo in "$1" - Skipping
- exit 0
-fi
-
-if [ ! -d "${2:-}" ] ; then
- echo Role has no module_utils - Skipping
- exit 0
-fi
-
-# we need absolute path for $2
-absmoddir=$( readlink -f "$2" )
-
-# clean up old links to module_utils
-for item in "$1"/* ; do
- if lnitem=$( readlink "$item" ) && test -n "$lnitem" ; then
- case "$lnitem" in
- *"${2}"*) rm -f "$item" ;;
- esac
- fi
-done
-
-# add new links to module_utils
-for item in "$absmoddir"/* ; do
- case "$item" in
- *__pycache__) continue;;
- *.pyc) continue;;
- esac
- bnitem=$( basename "$item" )
- ln -s "$item" "$1/$bnitem"
-done
--
2.26.2

34
SOURCES/selinux-bz-1926947-no-variable-named-present.diff Normal file
View File

@ -0,0 +1,34 @@
From 035a9b2db26af071a95e02a0af08bcbb73b69abf Mon Sep 17 00:00:00 2001
From: Florian Bachmann <fbachmann.public@gmail.com>
Date: Fri, 5 Feb 2021 11:48:53 +0100
Subject: [PATCH] fix incorrect default value (there is no variable named
"present")
---
tasks/main.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index afbe81f..702e369 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -118,7 +118,7 @@
ports: "{{ item.ports }}"
proto: "{{ item.proto | default('tcp') }}"
setype: "{{ item.setype }}"
- state: "{{ item.state | default(present) }}"
+ state: "{{ item.state | default('present') }}"
with_items: "{{ selinux_ports }}"
- name: Set linux user to SELinux user mapping
@@ -126,6 +126,6 @@
login: "{{ item.login }}"
seuser: "{{ item.seuser }}"
serange: "{{ item.serange | default('s0') }}"
- state: "{{ item.state | default(present) }}"
+ state: "{{ item.state | default('present') }}"
reload: "{{ item.reload | default(False) }}"
with_items: "{{ selinux_logins }}"
--
2.29.2

32
SOURCES/selinux-tier1-tags.diff
View File

@ -16,10 +16,18 @@ index f294101..7571066 100644
command: /usr/sbin/semanage boolean -l -n -C
register: selinux_role_boolean
diff --git a/tests/tests_all_purge.yml b/tests/tests_all_purge.yml
index 03dfe05..c686837 100644
index 03dfe05..6775847 100644
--- a/tests/tests_all_purge.yml
+++ b/tests/tests_all_purge.yml
@@ -14,7 +14,9 @@
@@ -8,13 +8,17 @@
fcontext -a -t user_home_dir_t /tmp/test_dir
login -a -s staff_u sar-user
+ tags:
+ - 'tests::avc'
tasks:
- name: Install SELinux tool semanage on Fedora
package:
name:
- policycoreutils-python-utils
state: present
@ -47,8 +55,7 @@ diff --git a/tests/tests_boolean.yml b/tests/tests_boolean.yml
index 47eafc0..2aa0025 100644
--- a/tests/tests_boolean.yml
+++ b/tests/tests_boolean.yml
@@ -1,5 +1,6 @@
@@ -1,4 +1,5 @@
- name: Check if selinux role sets SELinux booleans
+ tags: tests::expfail
hosts: all
@ -80,10 +87,9 @@ diff --git a/tests/tests_login.yml b/tests/tests_login.yml
index efa826d..c7ce462 100644
--- a/tests/tests_login.yml
+++ b/tests/tests_login.yml
@@ -18,7 +18,7 @@
@@ -18,6 +18,6 @@
- { login: 'sar-user', seuser: 'staff_u', serange: 's0-s0:c0.c1023', state: 'present' }
- - include: set_selinux_variables.yml
+ - import_tasks: set_selinux_variables.yml
- name: save state after initial changes and before other changes
@ -103,10 +109,18 @@ index 446f79d..7bb112e 100644
set_fact:
port_after: "{{ selinux_role_port.stdout }}"
diff --git a/tests/tests_selinux_disabled.yml b/tests/tests_selinux_disabled.yml
index afd23e4..706882f 100644
index afd23e4..883dc6d 100644
--- a/tests/tests_selinux_disabled.yml
+++ b/tests/tests_selinux_disabled.yml
@@ -18,7 +18,9 @@
@@ -12,13 +12,17 @@
fcontext -a -t user_home_dir_t /tmp/test_dir
login -a -s staff_u sar-user
+ tags:
+ - 'tests::avc'
tasks:
- name: Install SELinux tool semanage on Fedora
package:
name:
- policycoreutils-python-utils
state: present
@ -157,6 +171,6 @@ index afd23e4..706882f 100644
+ state: absent
+
+ - import_role:
+ name: selinux
+ name: linux-system-roles.selinux
+ vars:
+ selinux_all_purge: true

43
SOURCES/sshd-example.diff Normal file
View File

@ -0,0 +1,43 @@
diff --git a/README.md b/README.md
index 676ad72..dc06d85 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
the service is able to start on the first attempt. To disable this check, set
this to empty list.
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
Use these variables to set the ownership and permissions for the host keys from
the above list.
@@ -273,6 +273,8 @@ for example:
X11Forwarding: yes
```
+More example playbooks can be found in [`examples/`](examples/) directory.
+
Template Generation
-------------------
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
new file mode 100644
index 0000000..156e629
--- /dev/null
+++ b/examples/example-root-login.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+ tasks:
+ - name: Configure sshd to prevent root and password login except from particular subnet
+ include_role:
+ name: ansible-sshd
+ vars:
+ sshd:
+ # root login and password login is enabled only from a particular subnet
+ PermitRootLogin: no
+ PasswordAuthentication: no
+ Match:
+ - Condition: "Address 192.0.2.0/24"
+ PermitRootLogin: yes
+ PasswordAuthentication: yes

25
SOURCES/sshd-work-on-ansible28-jinja27.diff Normal file
View File

@ -0,0 +1,25 @@
From bb612fb6c5f76a40fce368acb43d2847e699213d Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Thu, 28 Jan 2021 15:56:14 -0700
Subject: [PATCH] use state: absent instead of state: missing
---
tests/tests_hostkeys_missing.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/tests_hostkeys_missing.yml b/tests/tests_hostkeys_missing.yml
index 9dfe77b..5790684 100644
--- a/tests/tests_hostkeys_missing.yml
+++ b/tests/tests_hostkeys_missing.yml
@@ -40,7 +40,7 @@
- name: Make sure the key was not created
file:
path: /tmp/missing_ssh_host_rsa_key
- state: missing
+ state: absent
register: key
failed_when: key.changed
tags: tests::verify
--
2.29.2

3663
SOURCES/storage-ansible-test.diff Normal file
View File

File diff suppressed because it is too large Load Diff

142
SOURCES/storage-no-disks-existing.diff Normal file
View File

@ -0,0 +1,142 @@
diff --git a/library/blivet.py b/library/blivet.py
index eb8bb11..e927121 100644
--- a/library/blivet.py
+++ b/library/blivet.py
@@ -104,6 +104,7 @@ try:
from blivet3.formats import get_format
from blivet3.partitioning import do_partitioning
from blivet3.size import Size
+ from blivet3.udev import trigger
from blivet3.util import set_up_logging
BLIVET_PACKAGE = 'blivet3'
except ImportError:
@@ -116,6 +117,7 @@ except ImportError:
from blivet.formats import get_format
from blivet.partitioning import do_partitioning
from blivet.size import Size
+ from blivet.udev import trigger
from blivet.util import set_up_logging
BLIVET_PACKAGE = 'blivet'
except ImportError:
@@ -821,7 +823,10 @@ class BlivetPool(BlivetBase):
def _look_up_disks(self):
""" Look up the pool's disks in blivet's device tree. """
- if not self._pool['disks']:
+ if self._disks:
+ return
+
+ if not self._device and not self._pool['disks']:
raise BlivetAnsibleError("no disks specified for pool '%s'" % self._pool['name'])
elif not isinstance(self._pool['disks'], list):
raise BlivetAnsibleError("pool disks must be specified as a list")
@@ -832,7 +837,7 @@ class BlivetPool(BlivetBase):
if device is not None: # XXX fail if any disk isn't resolved?
disks.append(device)
- if self._pool['disks'] and not disks:
+ if self._pool['disks'] and not self._device and not disks:
raise BlivetAnsibleError("unable to resolve any disks specified for pool '%s' (%s)" % (self._pool['name'], self._pool['disks']))
self._disks = disks
@@ -974,9 +979,9 @@ class BlivetPool(BlivetBase):
""" Schedule actions to configure this pool according to the yaml input. """
global safe_mode
# look up the device
- self._look_up_disks()
self._look_up_device()
self._apply_defaults()
+ self._look_up_disks()
# schedule destroy if appropriate, including member type change
if not self.ultimately_present:
@@ -999,6 +1004,7 @@ class BlivetPartitionPool(BlivetPool):
return self._device.partitionable
def _look_up_device(self):
+ self._look_up_disks()
self._device = self._disks[0]
def _create(self):
@@ -1354,6 +1360,13 @@ def run_module():
actions.append(action)
+ def ensure_udev_update(action):
+ if action.is_create:
+ sys_path = action.device.path
+ if os.path.islink(sys_path):
+ sys_path = os.readlink(action.device.path)
+ trigger(action='change', subsystem='block', name=os.path.basename(sys_path))
+
def action_dict(action):
return dict(action=action.type_desc_str,
fs_type=action.format.type if action.is_format else None,
@@ -1395,6 +1408,7 @@ def run_module():
if scheduled:
# execute the scheduled actions, committing changes to disk
callbacks.action_executed.add(record_action)
+ callbacks.action_executed.add(ensure_udev_update)
try:
b.devicetree.actions.process(devices=b.devicetree.devices, dry_run=module.check_mode)
except Exception as e:
diff --git a/tests/tests_existing_lvm_pool.yml b/tests/tests_existing_lvm_pool.yml
new file mode 100644
index 0000000..854ac0d
--- /dev/null
+++ b/tests/tests_existing_lvm_pool.yml
@@ -0,0 +1,54 @@
+---
+- hosts: all
+ become: true
+ vars:
+ mount_location: '/opt/test1'
+ volume_group_size: '5g'
+ volume_size: '4g'
+ pool_name: foo
+
+ tasks:
+ - include_role:
+ name: linux-system-roles.storage
+
+ - include_tasks: get_unused_disk.yml
+ vars:
+ min_size: "{{ volume_group_size }}"
+ max_return: 1
+
+ - name: Create one LVM logical volume under one volume group
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: "{{ pool_name }}"
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ size: "{{ volume_size }}"
+
+ - include_tasks: verify-role-results.yml
+
+ - name: Create another volume in the existing pool, identified only by name.
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: "{{ pool_name }}"
+ volumes:
+ - name: newvol
+ size: '2 GiB'
+ fs_type: ext4
+ fs_label: newvol
+
+ - include_tasks: verify-role-results.yml
+
+ - name: Clean up.
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: "{{ pool_name }}"
+ state: absent
+
+ - include_tasks: verify-role-results.yml

30
SOURCES/storage-partition-name.diff Normal file
View File

@ -0,0 +1,30 @@
commit effb7faf20301ddcee8ee36a1b156a0b9f006bb0
Author: David Lehman <dlehman@redhat.com>
Date: Tue Aug 4 16:00:33 2020 -0400
Be smarter in choosing expected partition name.
BlivetVolume._get_device_id is only used to look up pre-existing
volumes, so we don't have to try too hard to guess it by name.
We can just see if the disk has a single partition and, if so,
return the name of that partition.
Fixes: #141
diff --git a/library/blivet.py b/library/blivet.py
index eb8bb11..0f7ce98 100644
--- a/library/blivet.py
+++ b/library/blivet.py
@@ -554,7 +554,11 @@ class BlivetPartitionVolume(BlivetVolume):
return self._device.raw_device.type == 'partition'
def _get_device_id(self):
- return self._blivet_pool._disks[0].name + '1'
+ device_id = None
+ if self._blivet_pool._disks[0].partitioned and len(self._blivet_pool._disks[0].children) == 1:
+ device_id = self._blivet_pool._disks[0].children[0].name
+
+ return device_id
def _resize(self):
pass

602
SOURCES/storage-safemode-luks.diff
View File

@ -1,602 +0,0 @@
diff --git a/library/blivet.py b/library/blivet.py
index cb48e71..e1903f3 100644
--- a/library/blivet.py
+++ b/library/blivet.py
@@ -167,11 +167,16 @@ class BlivetBase(object):
raise NotImplementedError()
def _manage_one_encryption(self, device):
+ global safe_mode
ret = device
# Make sure to handle adjusting both existing stacks and future stacks.
if device == device.raw_device and self._spec_dict['encryption']:
# add luks
luks_name = "luks-%s" % device._name
+ if safe_mode and (device.original_format.type is not None or
+ device.original_format.name != get_format(None).name):
+ raise BlivetAnsibleError("cannot remove existing formatting on device '%s' in safe mode due to adding encryption" %
+ device._name)
if not device.format.exists:
fmt = device.format
else:
@@ -196,6 +201,10 @@ class BlivetBase(object):
ret = luks_device
elif device != device.raw_device and not self._spec_dict['encryption']:
# remove luks
+ if safe_mode and (device.original_format.type is not None or
+ device.original_format.name != get_format(None).name):
+ raise BlivetAnsibleError("cannot remove existing formatting on device '%s' in safe mode due to encryption removal" %
+ device._name)
if not device.format.exists:
fmt = device.format
else:
@@ -823,17 +832,21 @@ class BlivetPool(BlivetBase):
def manage(self):
""" Schedule actions to configure this pool according to the yaml input. """
+ global safe_mode
# look up the device
self._look_up_disks()
self._look_up_device()
# schedule destroy if appropriate, including member type change
- if not self.ultimately_present or self._member_management_is_destructive():
- if not self.ultimately_present:
- self._manage_volumes()
+ if not self.ultimately_present:
+ self._manage_volumes()
self._destroy()
- if not self.ultimately_present:
- return
+ return
+ elif self._member_management_is_destructive():
+ if safe_mode:
+ raise BlivetAnsibleError("cannot remove and recreate existing pool '%s' in safe mode" % self._pool['name'])
+ else:
+ self._destroy()
# schedule create if appropriate
self._create()
diff --git a/tests/create-test-file.yml b/tests/create-test-file.yml
new file mode 100644
index 0000000..d1091e2
--- /dev/null
+++ b/tests/create-test-file.yml
@@ -0,0 +1,13 @@
+# Create a file to be checked that it still exists and no data loss has occured.
+# To use:
+# - set testfile to a path under the mountpoint being tested
+# - include this file (create-test-file.yml) before executing the
+# operation to be tested
+# - execute the operation that could potentially result in a loss of
+# data in the filesystem where testfile is located
+# - include verify-data-preservation.yml
+
+- name: create a file
+ file:
+ path: "{{ testfile }}"
+ state: touch
diff --git a/tests/tests_luks.yml b/tests/tests_luks.yml
index f93efe5..f733714 100644
--- a/tests/tests_luks.yml
+++ b/tests/tests_luks.yml
@@ -2,8 +2,8 @@
- hosts: all
become: true
vars:
- storage_safe_mode: false
mount_location: '/opt/test1'
+ testfile: "{{ mount_location }}/quux"
volume_size: '5g'
tasks:
@@ -64,10 +64,47 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Remove the encryption layer
+ include_role:
+ name: storage
+ vars:
+ storage_volumes:
+ - name: foo
+ type: disk
+ disks: "{{ unused_disks }}"
+ mount_point: "{{ mount_location }}"
+ encryption: false
+ encryption_password: 'yabbadabbadoo'
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove existing
+ formatting.*in safe mode due to encryption removal')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing filesystem in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Remove the encryption layer
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_volumes:
- name: foo
type: disk
@@ -78,10 +115,47 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Add encryption to the volume
+ include_role:
+ name: storage
+ vars:
+ storage_volumes:
+ - name: foo
+ type: disk
+ disks: "{{ unused_disks }}"
+ mount_point: "{{ mount_location }}"
+ encryption: true
+ encryption_password: 'yabbadabbadoo'
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove existing
+ formatting.*in safe mode due to adding encryption')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing filesystem in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Add encryption to the volume
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_volumes:
- name: foo
type: disk
@@ -102,6 +176,7 @@
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: partition
@@ -135,6 +210,7 @@
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: partition
@@ -149,10 +225,51 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Remove the encryption layer
+ include_role:
+ name: storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: partition
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ type: partition
+ mount_point: "{{ mount_location }}"
+ size: 4g
+ encryption: false
+ encryption_password: 'yabbadabbadoo'
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove existing
+ formatting.*in safe mode due to encryption removal')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing filesystem in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Remove the encryption layer
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: partition
@@ -167,6 +284,48 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Add encryption to the volume
+ include_role:
+ name: storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: partition
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ type: partition
+ mount_point: "{{ mount_location }}"
+ size: 4g
+ encryption: true
+ encryption_password: 'yabbadabbadoo'
+
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove existing
+ formatting.*in safe mode due to adding encryption')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing volume in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Test key file handling
block:
- name: Create a key file
@@ -186,6 +345,7 @@
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: partition
@@ -216,6 +376,7 @@
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
@@ -248,6 +409,7 @@
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
@@ -264,10 +426,52 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Remove the encryption layer
+ include_role:
+ name: storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: lvm
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ mount_point: "{{ mount_location }}"
+ size: 4g
+ encryption: false
+ encryption_password: 'yabbadabbadoo'
+
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove existing
+ formatting.*in safe mode due to encryption removal')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing volume in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Remove the encryption layer
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
@@ -281,10 +485,52 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Add encryption to the volume
+ include_role:
+ name: storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: lvm
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ mount_point: "{{ mount_location }}"
+ size: 4g
+ encryption: true
+ encryption_password: 'yabbadabbadoo'
+
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove existing
+ formatting.*in safe mode due to adding encryption')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing volume in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Add encryption to the volume
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
diff --git a/tests/tests_luks_pool.yml b/tests/tests_luks_pool.yml
index b20b806..f44916f 100644
--- a/tests/tests_luks_pool.yml
+++ b/tests/tests_luks_pool.yml
@@ -2,9 +2,10 @@
- hosts: all
become: true
vars:
- storage_safe_mode: false
mount_location: '/opt/test1'
mount_location_2: '/opt/test2'
+ testfile: "{{ mount_location }}/quux"
+ testfile_location_2: "{{ mount_location_2 }}/quux"
volume_size: '5g'
tasks:
@@ -92,10 +93,50 @@
state: absent
changed_when: false
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Remove the encryption layer
+ include_role:
+ name: storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: lvm
+ disks: "{{ unused_disks }}"
+ encryption: false
+ encryption_password: 'yabbadabbadoo'
+ volumes:
+ - name: test1
+ mount_point: "{{ mount_location }}"
+ size: 4g
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove and recreate existing
+ pool.*in safe mode')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing pool in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
- name: Remove the encryption layer
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
@@ -109,10 +150,53 @@
- include_tasks: verify-role-results.yml
- - name: Add encryption to the volume
+ - import_tasks: create-test-file.yml
+
+ - name: Test for correct handling of safe_mode
+ block:
+ - name: Add encryption to the pool
+ include_role:
+ name: storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: lvm
+ disks: "{{ unused_disks }}"
+ encryption: true
+ encryption_password: 'yabbadabbadoo'
+ encryption_luks_version: luks1
+ encryption_key_size: 512
+ encryption_cipher: 'serpent-xts-plain64'
+ volumes:
+ - name: test1
+ mount_point: "{{ mount_location }}"
+ size: 4g
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ msg: "Role has not failed when it should have"
+
+ - name: Verify the output of the safe_mode test
+ assert:
+ that: "blivet_output.failed and
+ blivet_output.msg
+ |regex_search('cannot remove and recreate existing
+ pool.*in safe mode')
+ and not blivet_output.changed"
+ msg: "Unexpected behavior w/ existing pool in safe mode"
+
+ - import_tasks: verify-data-preservation.yml
+
+ - name: Add encryption to the pool
include_role:
name: storage
vars:
+ storage_safe_mode: false
storage_pools:
- name: foo
type: lvm
@@ -129,6 +213,8 @@
- include_tasks: verify-role-results.yml
+ - import_tasks: create-test-file.yml
+
- name: Change the mountpoint, leaving encryption in place
include_role:
name: storage
@@ -144,6 +230,10 @@
mount_point: "{{ mount_location_2 }}"
size: 4g
+ - import_tasks: verify-data-preservation.yml
+ vars:
+ testfile: "{{ testfile_location_2 }}"
+
- include_tasks: verify-role-results.yml
- name: Clean up
diff --git a/tests/verify-data-preservation.yml b/tests/verify-data-preservation.yml
new file mode 100644
index 0000000..eed790f
--- /dev/null
+++ b/tests/verify-data-preservation.yml
@@ -0,0 +1,19 @@
+# Verify that a file still exists and no data loss has occured.
+# To use:
+# - set testfile to a path under the mountpoint being tested
+# - include create-test-file.yml before executing the operation to be
+# tested
+# - execute the operation that could potentially result in a loss of
+# data in the filesystem where testfile is located
+# - include this file (verify-data-preservation.yml)
+
+- name: stat the file
+ stat:
+ path: "{{ testfile }}"
+ register: stat_r
+
+- name: assert file presence
+ assert:
+ that:
+ stat_r.stat.isreg is defined and stat_r.stat.isreg
+ msg: "data lost!"

326
SOURCES/storage-trim-volume-size.diff Normal file
View File

@ -0,0 +1,326 @@
diff --git a/library/blivet.py b/library/blivet.py
index e927121..f59f821 100644
--- a/library/blivet.py
+++ b/library/blivet.py
@@ -130,6 +130,9 @@ if BLIVET_PACKAGE:
set_up_logging()
log = logging.getLogger(BLIVET_PACKAGE + ".ansible")
+
+MAX_TRIM_PERCENT = 2
+
use_partitions = None # create partitions on pool backing device disks?
disklabel_type = None # user-specified disklabel type
safe_mode = None # do not remove any existing devices or formatting
@@ -445,8 +448,16 @@ class BlivetVolume(BlivetBase):
if not self._device.resizable:
return
- if self._device.format.resizable:
- self._device.format.update_size_info()
+ trim_percent = (1.0 - float(self._device.max_size / size))*100
+ log.debug("resize: size=%s->%s ; trim=%s", self._device.size, size, trim_percent)
+ if size > self._device.max_size and trim_percent <= MAX_TRIM_PERCENT:
+ log.info("adjusting %s resize target from %s to %s to fit in free space",
+ self._volume['name'],
+ size,
+ self._device.max_size)
+ size = self._device.max_size
+ if size == self._device.size:
+ return
if not self._device.min_size <= size <= self._device.max_size:
raise BlivetAnsibleError("volume '%s' cannot be resized to '%s'" % (self._volume['name'], size))
@@ -610,10 +621,18 @@ class BlivetLVMVolume(BlivetVolume):
raise BlivetAnsibleError("invalid size '%s' specified for volume '%s'" % (self._volume['size'], self._volume['name']))
fmt = self._get_format()
+ trim_percent = (1.0 - float(parent.free_space / size))*100
+ log.debug("size: %s ; %s", size, trim_percent)
if size > parent.free_space:
- raise BlivetAnsibleError("specified size for volume '%s' exceeds available space in pool '%s' (%s)" % (size,
- parent.name,
- parent.free_space))
+ if trim_percent > MAX_TRIM_PERCENT:
+ raise BlivetAnsibleError("specified size for volume '%s' exceeds available space in pool '%s' (%s)"
+ % (size, parent.name, parent.free_space))
+ else:
+ log.info("adjusting %s size from %s to %s to fit in %s free space", self._volume['name'],
+ size,
+ parent.free_space,
+ parent.name)
+ size = parent.free_space
try:
device = self._blivet.new_lv(name=self._volume['name'],
diff --git a/tests/tests_create_lv_size_equal_to_vg.yml b/tests/tests_create_lv_size_equal_to_vg.yml
new file mode 100644
index 0000000..21a5788
--- /dev/null
+++ b/tests/tests_create_lv_size_equal_to_vg.yml
@@ -0,0 +1,48 @@
+---
+- hosts: all
+ become: true
+ vars:
+ storage_safe_mode: false
+ mount_location: '/opt/test1'
+ volume_group_size: '10g'
+ lv_size: '10g'
+ unused_disk_subfact: '{{ ansible_devices[unused_disks[0]] }}'
+ disk_size: '{{ unused_disk_subfact.sectors|int *
+ unused_disk_subfact.sectorsize|int }}'
+
+ tasks:
+ - include_role:
+ name: linux-system-roles.storage
+
+ - include_tasks: get_unused_disk.yml
+ vars:
+ min_size: "{{ volume_group_size }}"
+ max_return: 1
+
+ - name: Create one lv which size is equal to vg size
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: foo
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ size: "{{ lv_size }}"
+ mount_point: "{{ mount_location }}"
+
+ - include_tasks: verify-role-results.yml
+
+ - name: Clean up
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: foo
+ disks: "{{ unused_disks }}"
+ state: "absent"
+ volumes:
+ - name: test1
+ mount_point: "{{ mount_location }}"
+
+ - include_tasks: verify-role-results.yml
diff --git a/tests/tests_lvm_auto_size_cap.yml b/tests/tests_lvm_auto_size_cap.yml
new file mode 100644
index 0000000..fb17c23
--- /dev/null
+++ b/tests/tests_lvm_auto_size_cap.yml
@@ -0,0 +1,89 @@
+---
+- hosts: all
+ become: true
+
+ tasks:
+ - include_role:
+ name: linux-system-roles.storage
+
+ - include_tasks: get_unused_disk.yml
+ vars:
+ min_size: 10g
+ max_return: 1
+
+ - command: lsblk -b -l --noheadings -o NAME,SIZE
+ register: storage_test_lsblk
+
+ - set_fact:
+ test_disk_size: "{{ storage_test_lsblk.stdout_lines|map('regex_search', '^' + unused_disks[0] + '\\s+\\d+$')|select('string')|first|regex_replace('^\\w+\\s+', '') }}"
+
+ - package:
+ name: bc
+ state: installed
+
+ - command:
+ cmd: bc
+ stdin: "{{ test_disk_size }} *2"
+ register: doubled_size
+
+ - name: Test handling of too-large LVM volume size
+ block:
+ - name: Try to create a pool containing one volume twice the size of the backing disk
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: lvm
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ size: "{{ doubled_size.stdout|trim }}"
+ - name: unreachable task
+ fail:
+ msg: UNREACH
+ rescue:
+ - name: Check that we failed in the role
+ assert:
+ that:
+ - ansible_failed_result.msg != 'UNREACH'
+ - blivet_output.failed and
+ blivet_output.msg|regex_search('specified size for volume.+exceeds available')
+ msg: "Role has not failed when it should have"
+
+ - name: Create a pool containing one volume the same size as the backing disk
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: foo
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ size: "{{ test_disk_size }}"
+
+ - include_tasks: verify-role-results.yml
+
+ - name: Repeat the previous invocation to verify idempotence
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: foo
+ type: lvm
+ disks: "{{ unused_disks }}"
+ volumes:
+ - name: test1
+ size: "{{ test_disk_size }}"
+
+ - include_tasks: verify-role-results.yml
+
+ - name: Clean up
+ include_role:
+ name: linux-system-roles.storage
+ vars:
+ storage_pools:
+ - name: foo
+ disks: "{{ unused_disks }}"
+ state: absent
+ volumes: []
diff --git a/tests/tests_lvm_errors.yml b/tests/tests_lvm_errors.yml
index 37d41dc..e8dc4f4 100644
--- a/tests/tests_lvm_errors.yml
+++ b/tests/tests_lvm_errors.yml
@@ -11,8 +11,6 @@
- '/non/existent/disk'
invalid_size: 'xyz GiB'
unused_disk_subfact: '{{ ansible_devices[unused_disks[0]] }}'
- too_large_size: '{{ (unused_disk_subfact.sectors|int + 1) *
- unused_disk_subfact.sectorsize|int }}'
tasks:
- include_role:
@@ -86,39 +84,6 @@
- ansible_failed_result.msg != 'UNREACH'
msg: "Role has not failed when it should have"
- # the following does not work properly
- # - name: Verify the output
- # assert:
- # that: "{{ blivet_output.failed and
- # blivet_output.msg|regex_search('invalid size.+for volume') and
- # not blivet_output.changed }}"
- # msg: "Unexpected behavior w/ invalid volume size"
-
- - name: Test for correct handling of too-large volume size.
- block:
- - name: Try to create LVM with a too-large volume size.
- include_role:
- name: linux-system-roles.storage
- vars:
- storage_pools:
- - name: foo
- disks: "{{ unused_disks }}"
- volumes:
- - name: test1
- size: "{{ too_large_size }}"
- mount_point: "{{ mount_location1 }}"
-
- - name: unreachable task
- fail:
- msg: UNREACH
-
- rescue:
- - name: Check that we failed in the role
- assert:
- that:
- - ansible_failed_result.msg != 'UNREACH'
- msg: "Role has not failed when it should have"
-
# the following does not work properly
# - name: Verify the output
# assert:
@@ -138,7 +103,7 @@
disks: "{{ unused_disks[0] }}"
volumes:
- name: test1
- size: "{{ too_large_size }}"
+ size: "{{ volume_size }}"
mount_point: "{{ mount_location1 }}"
- name: unreachable task
@@ -171,7 +136,7 @@
disks: []
volumes:
- name: test1
- size: "{{ too_large_size }}"
+ size: "{{ volume1_size }}"
mount_point: "{{ mount_location1 }}"
- name: unreachable task
diff --git a/tests/tests_misc.yml b/tests/tests_misc.yml
index a69ee98..3139bc7 100644
--- a/tests/tests_misc.yml
+++ b/tests/tests_misc.yml
@@ -7,7 +7,7 @@
volume_group_size: '5g'
volume1_size: '4g'
unused_disk_subfact: '{{ ansible_devices[unused_disks[0]] }}'
- too_large_size: '{{ (unused_disk_subfact.sectors|int + 1) *
+ too_large_size: '{{ (unused_disk_subfact.sectors|int * 1.2) *
unused_disk_subfact.sectorsize|int }}'
tasks:
diff --git a/tests/tests_resize.yml b/tests/tests_resize.yml
index 9eeb2b9..209d129 100644
--- a/tests/tests_resize.yml
+++ b/tests/tests_resize.yml
@@ -9,7 +9,7 @@
invalid_size1: 'xyz GiB'
invalid_size2: 'none'
unused_disk_subfact: '{{ ansible_devices[unused_disks[0]] }}'
- too_large_size: '{{ (unused_disk_subfact.sectors|int + 1) *
+ too_large_size: '{{ unused_disk_subfact.sectors|int * 1.2 *
unused_disk_subfact.sectorsize|int }}'
disk_size: '{{ unused_disk_subfact.sectors|int *
unused_disk_subfact.sectorsize|int }}'
@@ -122,23 +122,7 @@
size: "{{ disk_size }}"
mount_point: "{{ mount_location }}"
- - name: Unreachable task
- fail:
- msg: UNREACH
-
- rescue:
- - name: Check that we failed in the role
- assert:
- that:
- - ansible_failed_result.msg != 'UNREACH'
- msg: "Role has not failed when it should have"
-
- - name: Verify the output
- assert:
- that: "blivet_output.failed and
- blivet_output.msg|regex_search('volume.+cannot be resized to.+') and
- not blivet_output.changed"
- msg: "Unexpected behavior w/ invalid volume size"
+ - include_tasks: verify-role-results.yml
- name: Test for correct handling of invalid size specification
block:

22
SOURCES/timesync-ansible-test-issues.diff Normal file
View File

@ -0,0 +1,22 @@
From b55af45842482768f29704d90a1e019ffe0f7770 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 2 Mar 2021 13:39:19 -0800
Subject: [PATCH] Patch32: timesync-ansible-test-issues.diff
RHELPLAN-68118 - Collections - Timesync - fixing ansible-test errors
RHELPLAN-68789 - Collections - ignore file for each role
---
.sanity-ansible-ignore-2.9.txt | 1 +
1 file changed, 1 insertion(+)
create mode 100644 .sanity-ansible-ignore-2.9.txt
diff --git a/.sanity-ansible-ignore-2.9.txt b/.sanity-ansible-ignore-2.9.txt
new file mode 100644
index 0000000..e6d5e4d
--- /dev/null
+++ b/.sanity-ansible-ignore-2.9.txt
@@ -0,0 +1 @@
+plugins/modules/timesync_provider.sh shebang
--
2.26.2

949
SPECS/rhel-system-roles.spec
View File

File diff suppressed because it is too large Load Diff