import rhel-system-roles-1.21.1-1.el8_8

This commit is contained in:
CentOS Sources 2023-05-16 06:09:33 +00:00 committed by Stepan Oksanichenko
parent c20a826a95
commit bfd57292a0
11 changed files with 1639 additions and 524 deletions

51
.gitignore vendored
View File

@ -1,23 +1,28 @@
SOURCES/ansible-posix-1.4.0.tar.gz
SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz
SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz
SOURCES/certificate-1.1.6.tar.gz
SOURCES/cockpit-1.3.0.tar.gz
SOURCES/community-general-5.4.0.tar.gz
SOURCES/crypto_policies-1.2.6.tar.gz
SOURCES/firewall-1.4.0.tar.gz
SOURCES/ha_cluster-1.7.4.tar.gz
SOURCES/kdump-1.2.5.tar.gz
SOURCES/kernel_settings-1.1.10.tar.gz
SOURCES/logging-1.10.0.tar.gz
SOURCES/metrics-1.7.3.tar.gz
SOURCES/nbde_client-1.2.6.tar.gz
SOURCES/nbde_server-1.1.5.tar.gz
SOURCES/network-1.9.1.tar.gz
SOURCES/postfix-1.2.4.tar.gz
SOURCES/selinux-1.4.0.tar.gz
SOURCES/ssh-1.1.9.tar.gz
SOURCES/storage-1.9.1.tar.gz
SOURCES/timesync-1.6.9.tar.gz
SOURCES/tlog-1.2.9.tar.gz
SOURCES/vpn-1.3.5.tar.gz
SOURCES/ad_integration-1.0.2.tar.gz
SOURCES/ansible-posix-1.5.1.tar.gz
SOURCES/ansible-sshd-v0.18.1.tar.gz
SOURCES/auto-maintenance-d6a8e0167e9ed8d089093b7ead1e298241b534e1.tar.gz
SOURCES/certificate-1.1.9.tar.gz
SOURCES/cockpit-1.4.3.tar.gz
SOURCES/community-general-6.4.0.tar.gz
SOURCES/containers-podman-1.10.1.tar.gz
SOURCES/crypto_policies-1.2.7.tar.gz
SOURCES/firewall-1.4.2.tar.gz
SOURCES/ha_cluster-1.8.7.tar.gz
SOURCES/journald-1.0.0.tar.gz
SOURCES/kdump-1.2.6.tar.gz
SOURCES/kernel_settings-1.1.11.tar.gz
SOURCES/logging-1.11.5.tar.gz
SOURCES/metrics-1.8.1.tar.gz
SOURCES/nbde_client-1.2.10.tar.gz
SOURCES/nbde_server-1.3.3.tar.gz
SOURCES/network-1.11.2.tar.gz
SOURCES/podman-1.1.2.tar.gz
SOURCES/postfix-1.3.3.tar.gz
SOURCES/rhc-1.1.1.tar.gz
SOURCES/selinux-1.5.6.tar.gz
SOURCES/ssh-1.1.12.tar.gz
SOURCES/storage-1.9.6.tar.gz
SOURCES/timesync-1.7.2.tar.gz
SOURCES/tlog-1.2.11.tar.gz
SOURCES/vpn-1.5.3.tar.gz

View File

@ -1,23 +1,28 @@
bca451fd997be80be30f106e49f1bf550d2e609c SOURCES/ansible-posix-1.4.0.tar.gz
c47e62ecf6502d952378206626ba66e456a73513 SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz
453a44d1259addc4f702ea79da7b810b420e21f1 SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz
25e2045c8fc9d6455d7c5b0c7d32d4976ebc5178 SOURCES/certificate-1.1.6.tar.gz
77b34cce8b416fec3a50900b47cbe6b8216e3036 SOURCES/cockpit-1.3.0.tar.gz
58f117fafe36a19425b3a9bc0ba69f33e5fa81ee SOURCES/community-general-5.4.0.tar.gz
56bc0763e0b549c3499a80e95d0953ee6769136a SOURCES/crypto_policies-1.2.6.tar.gz
4ee58deb2a514edd81dbcc56508be4ca9fd49089 SOURCES/firewall-1.4.0.tar.gz
6ac7fbfa996fd4425415601d28e5b7b0790682ae SOURCES/ha_cluster-1.7.4.tar.gz
6ae0614d51db00957943fad6967674c0de88862c SOURCES/kdump-1.2.5.tar.gz
17f28f701d7842499b232a7b28daae5f51ea631b SOURCES/kernel_settings-1.1.10.tar.gz
042ba1183db4d36742a21c92111d68415c7c951a SOURCES/logging-1.10.0.tar.gz
4ebbf457b9f0d767d19b7ef322b848e5e4da50ef SOURCES/metrics-1.7.3.tar.gz
80baf489aea9052ad11c84df7a6adfca75ce7a7b SOURCES/nbde_client-1.2.6.tar.gz
2e2ad1b455da8c0a198524a08ffe16f2c954f131 SOURCES/nbde_server-1.1.5.tar.gz
cb01d5d59afdf4f514de5fda2220ea8271ecb699 SOURCES/network-1.9.1.tar.gz
4a31ac4e7d4de65c2a74cfc6f3c4ff852d5a578c SOURCES/postfix-1.2.4.tar.gz
a54aee1fa1b0ee023e4168d0abe880ad6ea64dcb SOURCES/selinux-1.4.0.tar.gz
fcdbd369bcc41df028f842e49ebff28370d3adb4 SOURCES/ssh-1.1.9.tar.gz
10b9bf8f3b16fc99d6070af6dbf82f9f889a8ff6 SOURCES/storage-1.9.1.tar.gz
c0af2701a0f8db1d721bf6df4ba257888be0fe87 SOURCES/timesync-1.6.9.tar.gz
53fd0059c1da4c42228a9c0df592a96cd5a5060f SOURCES/tlog-1.2.9.tar.gz
ec3e9a88af360861ea3ef4be92fbb6776690272d SOURCES/vpn-1.3.5.tar.gz
c531e83edf95f96389a6c1c10ea80ccd2b42cc75 SOURCES/ad_integration-1.0.2.tar.gz
f36cb7b1662ecda55c27f5bc15e0a22a1f11a361 SOURCES/ansible-posix-1.5.1.tar.gz
71c988d6ad9b916727cd93b8e2a2154183f5035a SOURCES/ansible-sshd-v0.18.1.tar.gz
a59d5ba01d5e536e800bc847528f16c16b961375 SOURCES/auto-maintenance-d6a8e0167e9ed8d089093b7ead1e298241b534e1.tar.gz
0e3826af628625ef7b16e3f57b6156128fd982c0 SOURCES/certificate-1.1.9.tar.gz
05148744a2d69d469dc3c678bb1a9fb9747dea26 SOURCES/cockpit-1.4.3.tar.gz
687a4e36e9d8f73a8a44a448da1c205eb0ce5f1c SOURCES/community-general-6.4.0.tar.gz
ccb070885fd455bb6e7f2b8ca050d40d30609fec SOURCES/containers-podman-1.10.1.tar.gz
47e3a2db8790c98fd5c09ab1887318b6ba56ce49 SOURCES/crypto_policies-1.2.7.tar.gz
1c414411b4960040eebcef2ddd528eea0b47f05f SOURCES/firewall-1.4.2.tar.gz
7cfd7d6fa2164fcb757a316e123cbe048f8f0ac9 SOURCES/ha_cluster-1.8.7.tar.gz
97edc58624de8ccb3f4b628a48811094a0dc1513 SOURCES/journald-1.0.0.tar.gz
439ea600c242c914c90933f287f3caf8c7869c12 SOURCES/kdump-1.2.6.tar.gz
49f4bc8f273339cde0cdecccffa7b902359b2601 SOURCES/kernel_settings-1.1.11.tar.gz
7fe83b26f954e55a282a4d5398e3064a7783a83a SOURCES/logging-1.11.5.tar.gz
e217af697b4e3205177360726f579d01b145be77 SOURCES/metrics-1.8.1.tar.gz
cf27267d3d54f1537ddda89f6d4db7abbe55b357 SOURCES/nbde_client-1.2.10.tar.gz
274986399c55eb35f281173621e75eb2d7ae00e6 SOURCES/nbde_server-1.3.3.tar.gz
857b1c3ea5a1a48dc964fb5c139861ba01c9e732 SOURCES/network-1.11.2.tar.gz
fe48a68775bcb87daf3f62ab58a1998ffaa4e6be SOURCES/podman-1.1.2.tar.gz
9244301089661fecca31dfee431b32d4876063be SOURCES/postfix-1.3.3.tar.gz
d96fbd17bc40b40787cc77be61499ea1b15e07fd SOURCES/rhc-1.1.1.tar.gz
bac983e0dcc5041a4c7d4d25849ed31aaf462df7 SOURCES/selinux-1.5.6.tar.gz
1bb35bc413249ce3209e471687afd60e0e25dddb SOURCES/ssh-1.1.12.tar.gz
0eea1b45136cb807740fa12435b02eccdb35a7ac SOURCES/storage-1.9.6.tar.gz
fefc5b4bd9635bb8fe70a9af9fc178cb5d3e8193 SOURCES/timesync-1.7.2.tar.gz
07c42ba749c110a87469a5c477579582c4d0c538 SOURCES/tlog-1.2.11.tar.gz
5b5ee7283092a16e9ec1aba47ee651274f784416 SOURCES/vpn-1.5.3.tar.gz

View File

@ -1,79 +0,0 @@
From 1bda31d2d07ed9042b09b0596904dd4f317d8f48 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 26 Sep 2022 20:20:47 +0200
Subject: [PATCH] Add final version of the option RequiredRSASize (#53)
* Update source template to match generated template
* Add final name of the RequiredRSASize parameter
keeping the old version for backward compatibility.
Upstream commit:
https://github.com/openssh/openssh-portable/commit/54b333d1
---
.dev-tools/10_top.j2 | 4 ++--
.dev-tools/options_body | 1 +
templates/ssh_config.j2 | 3 +++
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.dev-tools/10_top.j2 b/.dev-tools/10_top.j2
index 99704bd..8411de8 100644
--- a/.dev-tools/10_top.j2
+++ b/.dev-tools/10_top.j2
@@ -7,10 +7,10 @@
{% elif value is sameas false %}
{{ key }} no
{% elif value is string or value is number %}
-{{ key }} {{ value }}
+{{ key }} {{ value | string }}
{% else %}
{% for i in value %}
-{{ key }} {{ i }}
+{{ key }} {{ i | string }}
{% endfor %}
{% endif %}
{% endif %}
diff --git a/.dev-tools/options_body b/.dev-tools/options_body
index 176879d..8cc382f 100644
--- a/.dev-tools/options_body
+++ b/.dev-tools/options_body
@@ -84,6 +84,7 @@ RekeyLimit
RemoteCommand
RemoteForward
RequestTTY
+RequiredRSASize
RevokedHostKeys
RhostsRSAAuthentication
RSAAuthentication
diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2
index fab57de..7f277c7 100644
--- a/templates/ssh_config.j2
+++ b/templates/ssh_config.j2
@@ -119,6 +119,7 @@ Match {{ match["Condition"] }}
{{ render_option("RemoteCommand",match["RemoteCommand"],true) -}}
{{ render_option("RemoteForward",match["RemoteForward"],true) -}}
{{ render_option("RequestTTY",match["RequestTTY"],true) -}}
+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
{{ render_option("RevokedHostKeys",match["RevokedHostKeys"],true) -}}
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
@@ -240,6 +241,7 @@ Host {{ host["Condition"] }}
{{ render_option("RemoteCommand",host["RemoteCommand"],true) -}}
{{ render_option("RemoteForward",host["RemoteForward"],true) -}}
{{ render_option("RequestTTY",host["RequestTTY"],true) -}}
+{{ render_option("RequiredRSASize",host["RequiredRSASize"],true) -}}
{{ render_option("RevokedHostKeys",host["RevokedHostKeys"],true) -}}
{{ render_option("RhostsRSAAuthentication",host["RhostsRSAAuthentication"],true) -}}
{{ render_option("RSAAuthentication",host["RSAAuthentication"],true) -}}
@@ -354,6 +356,7 @@ Host {{ host["Condition"] }}
{{ body_option("RemoteCommand",ssh_RemoteCommand) -}}
{{ body_option("RemoteForward",ssh_RemoteForward) -}}
{{ body_option("RequestTTY",ssh_RequestTTY) -}}
+{{ body_option("RequiredRSASize",ssh_RequiredRSASize) -}}
{{ body_option("RevokedHostKeys",ssh_RevokedHostKeys) -}}
{{ body_option("RhostsRSAAuthentication",ssh_RhostsRSAAuthentication) -}}
{{ body_option("RSAAuthentication",ssh_RSAAuthentication) -}}
--
2.37.3

View File

@ -1,83 +0,0 @@
From 1408f489240dca04f086e4b32b253313eea28ea8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 26 Sep 2022 15:26:12 +0200
Subject: [PATCH] Add final version of RequiredRSASize
Keep the old version for backward compatibility
Upstream commit:
https://github.com/openssh/openssh-portable/commit/1875042c
---
meta/options_body | 1 +
meta/options_match | 1 +
templates/sshd_config.j2 | 2 ++
templates/sshd_config_snippet.j2 | 2 ++
4 files changed, 6 insertions(+)
diff --git a/meta/options_body b/meta/options_body
index 8681269..23a00f4 100644
--- a/meta/options_body
+++ b/meta/options_body
@@ -89,6 +89,7 @@ PubkeyAuthentication
RSAAuthentication
RSAMinSize
RekeyLimit
+RequiredRSASize
RevokedKeys
RDomain
RhostsRSAAuthentication
diff --git a/meta/options_match b/meta/options_match
index 6ef9214..5ec1413 100644
--- a/meta/options_match
+++ b/meta/options_match
@@ -47,6 +47,7 @@ PubkeyAuthentication
RDomain
RekeyLimit
RevokedKeys
+RequiredRSASize
RhostsRSAAuthentication
RSAAuthentication
RSAMinSize
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
index 2899f0a..a3b2465 100644
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -89,6 +89,7 @@ Match {{ match["Condition"] }}
{{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
{{ render_option("RevokedKeys",match["RevokedKeys"],true) -}}
+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
{{ render_option("RSAMinSize",match["RSAMinSize"],true) -}}
@@ -203,6 +204,7 @@ Match {{ match["Condition"] }}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
{{ body_option("RSAMinSize",sshd_RSAMinSize) -}}
{{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}}
{{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
{{ body_option("RDomain",sshd_RDomain) -}}
{{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
index 0ece8ed..a12cb3b 100644
--- a/templates/sshd_config_snippet.j2
+++ b/templates/sshd_config_snippet.j2
@@ -88,6 +88,7 @@ Match {{ match["Condition"] }}
{{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
{{ render_option("RevokedKeys",match["RevokedKeys"],true) -}}
+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
{{ render_option("RSAMinSize",match["RSAMinSize"],true) -}}
@@ -202,6 +203,7 @@ Match {{ match["Condition"] }}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
{{ body_option("RSAMinSize",sshd_RSAMinSize) -}}
{{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}}
{{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
{{ body_option("RDomain",sshd_RDomain) -}}
{{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
--
2.37.3

View File

@ -1,16 +1,52 @@
Changelog
=========
[1.20.1] - 2022-09-27
[1.21.1] - 2023-03-16
----------------------------
### New Features
- [ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles](https://bugzilla.redhat.com/show_bug.cgi?id=2129875)
- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2144877)
### Bug Fixes
- none
[1.21.0] - 2023-02-20
----------------------------
### New Features
- [ad_integration - [RFE] new role to support AD integration, join to AD domain](https://bugilla.redhat.com/show_bug.cgi?id=2144876)
- [cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137667)
- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2143814)
- [ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130019)
- [journald - New role - journald - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165176)
- [logging - [RFE] convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130362)
- [metrics - [RFE] convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133532)
- [nbde_server - [RFE] convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133931)
- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143458)
- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201)
- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856)
- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620)
- [podman - [RFE] role for managing podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2066864)
- [postfix - [RFE] convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130332)
- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2143385)
- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119600)
- [vpn - [RFE] convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130345)
### Bug Fixes
- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167941)
- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153081)
- [ha_cluster - use no_log in tasks looping over pot. secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2127497)
- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2159972)
- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126960)
- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168733)
- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2164879)
- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2143401)
- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153080)
[1.20.0] - 2022-08-09
----------------------------

1
SOURCES/CHANGELOG.rst Normal file
View File

@ -0,0 +1 @@
See docs/CHANGELOG.md

10
SOURCES/extrasources.inc Normal file
View File

@ -0,0 +1,10 @@
Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.1.tar.gz
Source901: https://galaxy.ansible.com/download/community-general-6.4.0.tar.gz
Source902: https://galaxy.ansible.com/download/containers-podman-1.10.1.tar.gz
Provides: bundled(ansible-collection(ansible.posix)) = 1.5.1
Provides: bundled(ansible-collection(community.general)) = 6.4.0
Provides: bundled(ansible-collection(containers.podman)) = 1.10.1
Source996: CHANGELOG.rst
Source998: collection_readme.sh

View File

@ -1,65 +0,0 @@
From d6c8319f52f3859b28044841063adf0013df878b Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Thu, 25 Mar 2021 13:57:45 -0600
Subject: [PATCH 3/4] Patch53: network-disable-bondtests.diff
---
tests/playbooks/tests_bond.yml | 2 ++
tests/playbooks/tests_bond_deprecated.yml | 2 ++
tests/tests_bond_deprecated_initscripts.yml | 1 +
tests/tests_bond_initscripts.yml | 1 +
4 files changed, 6 insertions(+)
diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
index 1e45788..d3005a6 100644
--- a/tests/playbooks/tests_bond.yml
+++ b/tests/playbooks/tests_bond.yml
@@ -8,6 +8,8 @@
dhcp_interface1: test1
port2_profile: bond0.1
dhcp_interface2: test2
+ tags:
+ - "tests::expfail"
tasks:
- name: "INIT Prepare setup"
debug:
diff --git a/tests/playbooks/tests_bond_deprecated.yml b/tests/playbooks/tests_bond_deprecated.yml
index f37e19a..ae475c4 100644
--- a/tests/playbooks/tests_bond_deprecated.yml
+++ b/tests/playbooks/tests_bond_deprecated.yml
@@ -8,6 +8,8 @@
dhcp_interface1: test1
port2_profile: bond0.1
dhcp_interface2: test2
+ tags:
+ - "tests::expfail"
tasks:
- name: "INIT Prepare setup"
debug:
diff --git a/tests/tests_bond_deprecated_initscripts.yml b/tests/tests_bond_deprecated_initscripts.yml
index 383b488..cdf3de0 100644
--- a/tests/tests_bond_deprecated_initscripts.yml
+++ b/tests/tests_bond_deprecated_initscripts.yml
@@ -10,6 +10,7 @@
network_provider: initscripts
tags:
- always
+ - "tests::expfail"
- import_playbook: playbooks/tests_bond_deprecated.yml
when: (ansible_distribution in ['CentOS','RedHat'] and
diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
index 8fa74c5..6a231c4 100644
--- a/tests/tests_bond_initscripts.yml
+++ b/tests/tests_bond_initscripts.yml
@@ -10,6 +10,7 @@
network_provider: initscripts
tags:
- always
+ - "tests::expfail"
- import_playbook: playbooks/tests_bond.yml
when: (ansible_distribution in ['CentOS','RedHat'] and
--
2.30.2

File diff suppressed because it is too large Load Diff

View File

@ -3,14 +3,13 @@
# ansible-core as a build_dep on RHEL8
%if 0%{?fedora} || 0%{?rhel} >= 9
%bcond_without ansible
%global ansible_build_dep ansible-core >= 2.11.0
%if 0%{?fedora}
BuildRequires: ansible-packaging
%else
%if 0%{?rhel} && ! 0%{?epel}
%bcond_with ansible
%else
%bcond_without ansible
%global ansible_build_dep ansible >= 2.9.10
BuildRequires: ansible-core >= 2.11.0
%endif
%else
%bcond_with ansible
%endif
%bcond_with collection_artifact
@ -30,23 +29,12 @@ Name: linux-system-roles
%endif
Url: https://github.com/linux-system-roles
Summary: Set of interfaces for unified system management
Version: 1.20.1
Version: 1.21.1
Release: 1%{?dist}
#Group: Development/Libraries
License: GPLv3+ and MIT and BSD and Python
%global installbase %{_datadir}/linux-system-roles
%global _pkglicensedir %{_licensedir}/%{name}
%global rolealtprefix linux-system-roles.
%global roleprefix %{name}.
%global roleinstprefix %{nil}
%global rolealtrelpath ../../linux-system-roles/
%if 0%{?rhel}
%global roleinstprefix %{roleprefix}
%global installbase %{_datadir}/ansible/roles
%global rolealtrelpath %{nil}
%endif
%global roleinstprefix %{name}.
%if 0%{?rhel}
%global collection_namespace redhat
%global collection_name rhel_system_roles
@ -58,19 +46,25 @@ License: GPLv3+ and MIT and BSD and Python
%global collection_version %{version}
# Helper macros originally from macros.ansible by Igor Raits <ignatenkobrain>
# Not available on RHEL, so we must define those macros locally here without using ansible-galaxy
# On RHEL, not available, so we must define those macros locally
# On Fedora, provided by ansible-packager
# Not used (yet). Could be made to point to AH in RHEL - but what about CentOS Stream?
#%%{!?ansible_collection_url:%%define ansible_collection_url() https://galaxy.ansible.com/%%{collection_namespace}/%%{collection_name}}
%if 0%{?fedora} || 0%{?rhel} >= 8
%{!?ansible_collection_files:%define ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/}
%if 0%{?rhel}
Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version}
%global ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/
%define ansible_roles_dir %{_datadir}/ansible/roles
%if %{without ansible}
# Untar and copy everything instead of galaxy-installing the built artifact when ansible is not available
%define ansible_collection_build() tar -cf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz .
%define ansible_collection_install() mkdir -p %{buildroot}%{ansible_collection_files}%{collection_name}; (cd %{buildroot}%{ansible_collection_files}%{collection_name}; tar -xf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz)
%else
# Define undefined macro using "!?ansible_collection_files:..." does not work for rhel-7
%if %{?ansible_collection_files:0}%{!?ansible_collection_files:1}
%define ansible_collection_files %{_datadir}/ansible/collections/ansible_collections/%{collection_namespace}/
%define ansible_collection_build() ansible-galaxy collection build
%define ansible_collection_install() ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz
%endif
%endif
# be compatible with the usual Fedora Provides:
Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{collection_version}-%{release}
# ansible-core is in rhel 8.6 and later - default to ansible-core, but allow
# the use of ansible if present - we may revisit this if the automatic dependency
@ -83,18 +77,6 @@ License: GPLv3+ and MIT and BSD and Python
Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0)
%endif
%if %{with ansible}
BuildRequires: %{ansible_build_dep}
%endif
%if %{without ansible}
# We don't have ansible-galaxy.
# Simply copy everything instead of galaxy-installing the built artifact.
%define ansible_collection_build_install() tar -cf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz .; mkdir -p %{buildroot}%{ansible_collection_files}%{collection_name}; (cd %{buildroot}%{ansible_collection_files}%{collection_name}; tar -xf %{_tmppath}/%{collection_namespace}-%{collection_name}-%{version}.tar.gz)
%else
%define ansible_collection_build_install() ansible-galaxy collection build; ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz
%endif
# For each role, call either defcommit() or deftag(). The other macros
# (%%id and %%shortid) can be then used in the same way in both cases.
# This way the rest of the spec file des not need to know whether we are
@ -125,88 +107,84 @@ BuildRequires: %{ansible_build_dep}
%%global rolestodir %%{?rolestodir} %%{roletodir%{1}}
}
#%%defcommit 1 14314822b529520ac12964e0d2938c4bb18ab895
%global mainid d6a8e0167e9ed8d089093b7ead1e298241b534e1
Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
# BEGIN AUTOGENERATED SOURCES
%global rolename1 postfix
%deftag 1 1.2.4
%deftag 1 1.3.3
#%%defcommit 2 9fe6eb36772e83b53dcfb8ceb73608fd4f72eeda
%global rolename2 selinux
%deftag 2 1.4.0
%deftag 2 1.5.6
#%%defcommit 3 cbe4bf262bffae3bf53e531662237741954c4182
%global rolename3 timesync
%deftag 3 1.6.9
%deftag 3 1.7.2
#%%defcommit 4 02fc72b482e165472624b2f68eecd2ddce1d93b1
%global rolename4 kdump
%deftag 4 1.2.5
%deftag 4 1.2.6
#%%defcommit 5 a74092634adfe45f76cf761138abab1811692b4b
%global rolename5 network
%deftag 5 1.9.1
%deftag 5 1.11.2
#%%defcommit 6 50d2b8ccc98a8f4cb9d1d550d21adc227181e9fa
%global rolename6 storage
%deftag 6 1.9.1
%deftag 6 1.9.6
#%%defcommit 7 d57caa8ca506d8cbc7ca0f96f7cb62b7e965f163
%global rolename7 metrics
%deftag 7 1.7.3
%deftag 7 1.8.1
#%%defcommit 8 2b9e53233ee3a68bdb532e62f289733e436a6106
%global rolename8 tlog
%deftag 8 1.2.9
%deftag 8 1.2.11
#%%defcommit 9 9373303b98e09ef38df7afc8d06e5e55812096c7
%global rolename9 kernel_settings
%deftag 9 1.1.10
%deftag 9 1.1.11
#%%defcommit 10 20dd3e5520ca06dcccaa9b3f1fb428d055e0c23f
%global rolename10 logging
%deftag 10 1.10.0
%deftag 10 1.11.5
#%%defcommit 11 c57d0b1f3384c525738fa26ba4bdca485e162567
%global rolename11 nbde_server
%deftag 11 1.1.5
%deftag 11 1.3.3
#%%defcommit 12 bef2fad5e365712d1f40e53662490ba2550a253f
%global rolename12 nbde_client
%deftag 12 1.2.6
%deftag 12 1.2.10
#%%defcommit 13 310fc53db04e8d3134524afb7a89b0477a2ffb83
%global rolename13 certificate
%deftag 13 1.1.6
%deftag 13 1.1.9
#%%defcommit 14 b2a9857ac661fa32e66666e444b73bfdb34cdf95
%global rolename14 crypto_policies
%deftag 14 1.2.6
%deftag 14 1.2.7
%global forgeorg15 https://github.com/willshersystems
%global repo15 ansible-sshd
%global rolename15 sshd
%defcommit 15 9766d9097a87a130d4c8abde2247aaad5c925ecf
#%%deftag 15 v0.15.1
%deftag 15 v0.18.1
#%%defcommit 16 59b9fd7b25607d8bd33bdb082748955f2652846a
%global rolename16 ssh
%deftag 16 1.1.9
%deftag 16 1.1.12
#%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d
%global rolename17 ha_cluster
%deftag 17 1.7.4
%deftag 17 1.8.7
#%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3
%global rolename18 vpn
%deftag 18 1.3.5
%deftag 18 1.5.3
%global rolename19 firewall
%deftag 19 1.4.0
%deftag 19 1.4.2
%global rolename20 cockpit
%deftag 20 1.3.0
%deftag 20 1.4.3
%global rolename21 podman
%deftag 21 1.1.2
%global rolename22 ad_integration
%deftag 22 1.0.2
%global rolename23 rhc
%deftag 23 1.1.1
%global rolename24 journald
%deftag 24 1.0.0
%global mainid c22eff88d40972158cd5c413b7468b4e904cc76c
Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
Source1: %{archiveurl1}
Source2: %{archiveurl2}
Source3: %{archiveurl3}
@ -227,31 +205,19 @@ Source17: %{archiveurl17}
Source18: %{archiveurl18}
Source19: %{archiveurl19}
Source20: %{archiveurl20}
Source21: %{archiveurl21}
Source22: %{archiveurl22}
Source23: %{archiveurl23}
Source24: %{archiveurl24}
# END AUTOGENERATED SOURCES
# Collection tarballs from Automation Hub
# Not used on Fedora.
Source801: ansible-posix-1.4.0.tar.gz
# Includes with definitions/tags that differ between RHEL and Fedora
Source2301: redhat_subscription.py
Source1001: extrasources.inc
# Collection tarballs from Galaxy
# Not used on Fedora.
Source901: community-general-5.4.0.tar.gz
%include %{SOURCE1001}
# changelog is auto generated on Fedora
Source996: CHANGELOG.md
# Script to convert spec %changelog into collection CHANGELOG.md
# only used on Fedora
Source997: spec-to-changelog-md.sh
# Script to convert the collection README to Automation Hub.
# Not used on Fedora.
Source998: collection_readme.sh
Patch51: network-disable-bondtests.diff
Patch1501: 0001-sshd-Add-final-version-of-RequiredRSASize.patch
Patch1601: 0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch
Source995: CHANGELOG.md
BuildArch: noarch
@ -268,22 +234,9 @@ BuildRequires: highlight
# Requirements for galaxy_transform.py
BuildRequires: python3
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: %{py3_dist ruamel.yaml}
%else
BuildRequires: python3-ruamel-yaml
%endif
BuildRequires: python%{python3_pkgversion}-ruamel-yaml
Obsoletes: rhel-system-roles-techpreview < 1.0-3
%if %{undefined __ansible_provides}
Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version}
%endif
# be compatible with the usual Fedora Provides:
Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{version}-%{release}
# We need to put %%description within the if block to avoid empty
# lines showing up.
# We must put %%description within the if block to avoid empty lines showing up.
%if 0%{?rhel}
%description
Collection of Ansible roles and modules that provide a stable and
@ -304,11 +257,32 @@ Summary: Collection artifact to import to Automation Hub / Ansible Galaxy
Collection artifact for %{name}. This package contains %{collection_namespace}-%{collection_name}-%{version}.tar.gz
%endif
%prep
%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -n %{getarchivedir 0}
# Fix issue with package update introduce with changing symlink to directory
# in 1.21.1-5
%pretrans -p <lua>
roles = {
"certificate", "cockpit", "crypto_policies", "firewall", "ha_cluster",
"kdump", "kernel_settings", "logging", "metrics", "nbde_client",
"nbde_server", "network", "postfix", "selinux", "ssh", "sshd", "storage",
"timesync", "tlog", "vpn"
}
for i,v in ipairs(roles) do
path = "/usr/share/ansible/roles/linux-system-roles." .. v
st = posix.stat(path)
if st and st.type == "link" then
os.remove(path)
end
end
for file in %_sourcedir/*.tar.gz; do
if [[ "$file" =~ %_sourcedir/([^-]+)-([^-]+)-(.+).tar.gz ]]; then
%prep
# BEGIN AUTOGENERATED SETUP
%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -a21 -a22 -a23 -a24 -n %{getarchivedir 0}
# END AUTOGENERATED SETUP
%if 0%{?rhel}
# Untar vendored collection tarballs to corresponding directories
for file in %{SOURCE801} %{SOURCE901} %{SOURCE902}; do
if [[ "$(basename $file)" =~ ([^-]+)-([^-]+)-(.+).tar.gz ]]; then
ns=${BASH_REMATCH[1]}
name=${BASH_REMATCH[2]}
ver=${BASH_REMATCH[3]}
@ -318,6 +292,7 @@ for file in %_sourcedir/*.tar.gz; do
popd > /dev/null
fi
done
%endif
declare -A ROLESTODIR=(%{rolestodir})
for rolename in %{rolenames}; do
@ -334,16 +309,15 @@ for rolename in %{rolenames}; do
mv "$dir_from_archive" ${rolename}
done
%if 0%{?rhel}
cd %{rolename2}/tests
# this test causes avcs we want to ignore
sed -r -i -e '/hosts: all/a\
tags:\
- tests::avc' tests_selinux_disabled.yml
cd ../..
%endif
cd %{rolename5}
%patch51 -p1
cd ..
cd %{rolename15}
find -P tests examples -name \*.yml | while read file; do
sed -r -i -e "s/ansible-sshd/linux-system-roles.sshd/" \
@ -366,21 +340,13 @@ if [ "$rolesdir" != "$realrolesdir" ]; then
fi
cd ..
cd %{rolename15}
%patch1501 -p1
cd ..
cd %{rolename16}
%patch1601 -p1
cd ..
%if 0%{?rhel}
# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library.
# ansible.posix:
# - library:
# - Module selinux and seboolean for the selinux role
# - Module mount for the storage role
declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" )
declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" )
for module in "${!module_map[@]}"; do
role="${module_map[${module}]}"
if [ ! -d $role/library ]; then
@ -400,14 +366,15 @@ for module in "${!module_map[@]}"; do
mkdir -p $role/module_utils/${role}_lsr
fi
cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
done
# community.general:
# - library:
# - Module seport, sefcontext and selogin for the selinux role rolename2
# - Module ini_file for role tlog
module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog" )
# - rhc modules
module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog"
["redhat_subscription.py"]="rhc" ["rhsm_release.py"]="rhc" ["rhsm_repository.py"]="rhc" )
for module in "${!module_map[@]}"; do
role="${module_map[${module}]}"
if [ ! -d $role/library ]; then
@ -425,13 +392,56 @@ for module in "${!module_map[@]}"; do
ls -alrtF $role/library/$module
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
done
%endif
# Fix until the updated redhat_subscription.py is in community.general
cp %{SOURCE2301} rhc/library/redhat_subscription.py
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' rhc/library/redhat_subscription.py
# containers.podman:
# - library:
# - Module podman_container_info, podman_image and podman_play for the podman role
module_map=( ["podman_container_info.py"]="podman" ["podman_image.py"]="podman" ["podman_play.py"]="podman" )
for module in "${!module_map[@]}"; do
role="${module_map[${module}]}"
if [ ! -d $role/library ]; then
mkdir $role/library
fi
moduledir=.external/containers/podman/plugins/modules
cp -pL $moduledir/$module $role/library/$module
ls -alrtF $role/library/$module
sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' \
-e "s/ansible_collections.containers.podman.plugins.module_utils.podman/ansible.module_utils.${role}_lsr/" \
$role/library/$module
done
# containers.podman:
# - module_utils:
# - Module_util common for the podman role
module_map=( ["common.py"]="podman" )
for module in "${!module_map[@]}"; do
role="${module_map[${module}]}"
if [ ! -d $role/module_utils/${role}_lsr ]; then
mkdir -p $role/module_utils/${role}_lsr
fi
cp -pL .external/containers/podman/plugins/module_utils/podman/$module $role/module_utils/${role}_lsr/$module
done
# remove the temporary .external directory after vendoring
rm -rf .external
# Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role
%if "%{roleprefix}" != "linux-system-roles."
# Replacing "fedora.linux_system_roles." with "redhat.rhel_system_roles" in each role
# This is for the "roles calling other roles" case
# for podman, change the FQCN - using a non-FQCN module name doesn't seem to work,
# even for the legacy role format
# replace community.general for rhc
for rolename in %{rolenames}; do
find $rolename -type f -exec \
sed "s/linux-system-roles[.]${rolename}\\>/%{roleprefix}${rolename}/g" -i {} \;
sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
-e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
-e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
-e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
-i {} \;
done
%endif
@ -494,13 +504,20 @@ for role in %{rolenames}; do
includes="$includes --include $role"
%if 0%{?rhel}
# we vendor-in all of the dependencies on rhel, so remove them
rm -f "$role/meta/requirements.yml" "$role/meta/collection-requirements.yml"
rm -f "$role/meta/requirements.yml" "$role/meta/collection-requirements.yml" \
"$role/tests/collection-requirements.yml"
%endif
done
LANG=en_US.utf-8 LC_ALL=en_US.utf-8 python3 release_collection.py --galaxy-yml galaxy.yml \
# do not process changelogs on RHEL
%if 0%{?rhel}
extra_mapping="--extra-mapping fedora.linux_system_roles:%{collection_namespace}.%{collection_name}"
%else
extra_mapping=""
%endif
LANG=C.utf-8 LC_ALL=C.utf-8 python3 release_collection.py --galaxy-yml galaxy.yml \
--src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \
--src-owner %{name} --skip-git --skip-check --debug
--src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug
# Remove table of contents from logging README.md
# It is not needed for html and AH/Galaxy
@ -516,51 +533,61 @@ for role in %{rolenames}; do
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/$role/README.md
done
# Remove test only collection dependencies
# NOTE: These should not be in meta/collection-requirements.yml, they should be
# in tests/collection-requirements.yml, but they can't be moved yet
sed -i -e '/community[.]mysql:/d' -e '/community[.]postgresql:/d' \
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/galaxy.yml
cp %{SOURCE995} \
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md
%if 0%{?rhel}
cp %{SOURCE996} \
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md
%else
# Build the collection CHANGELOG.md
%{SOURCE997} %{_specdir}/%{name}.spec \
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md
.collections/ansible_collections/%{collection_namespace}/%{collection_name}/CHANGELOG.rst
%endif
# Build the collection
pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
%ansible_collection_build
popd
%install
mkdir -p $RPM_BUILD_ROOT%{installbase}
mkdir -p $RPM_BUILD_ROOT%{_datadir}/ansible/roles
mkdir -p %{buildroot}%{ansible_roles_dir}
for role in %{rolenames}; do
cp -pR "$role" "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role"
cp -pR "$role" "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role"
done
%if 0%{?rolealtprefix:1}
%if 0%{?rhel}
# Create symlinks for roles in /usr/share/ansible/roles/linux-system-roles.$rolename
# That's required to make roles work with upstream naming too
for role in %{rolenames}; do
ln -s "%{rolealtrelpath}%{roleinstprefix}$role" "$RPM_BUILD_ROOT%{_datadir}/ansible/roles/%{rolealtprefix}$role"
ln -s "%{name}.$role" "%{buildroot}%{ansible_roles_dir}/linux-system-roles.$role"
done
%endif
mkdir -p $RPM_BUILD_ROOT%{_pkglicensedir}
rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}network/examples/roles
mkdir -p %{buildroot}%{_pkglicensedir}
rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}network/examples/roles
for role in %{rolenames}; do
mkdir -p "$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/CHANGELOG.md" \
"$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.md" \
"$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
mkdir -p "%{buildroot}%{_pkgdocdir}/$role"
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/CHANGELOG.md" \
"%{buildroot}%{_pkgdocdir}/$role"
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \
"%{buildroot}%{_pkgdocdir}/$role"
%if %{with html}
cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/README.html" \
"$RPM_BUILD_ROOT%{_pkgdocdir}/$role"
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \
"%{buildroot}%{_pkgdocdir}/$role"
%endif
if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/COPYING" ]; then
cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/COPYING" \
"$RPM_BUILD_ROOT%{_pkglicensedir}/$role.COPYING"
if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \
"%{buildroot}%{_pkglicensedir}/$role.COPYING"
fi
if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/LICENSE" ]; then
cp -p "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/LICENSE" \
"$RPM_BUILD_ROOT%{_pkglicensedir}/$role.LICENSE"
if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/LICENSE" ]; then
ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/LICENSE" \
"%{buildroot}%{_pkglicensedir}/$role.LICENSE"
fi
if [ -d "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples" ]; then
for file in "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/"*.yml ; do
if [ -d "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples" ]; then
for file in "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/"*.yml ; do
basename=$(basename "$file" .yml)
newname="$basename"
if [[ "$newname" != example-* ]]; then
@ -569,57 +596,58 @@ for role in %{rolenames}; do
if [[ "$newname" != *-playbook ]]; then
newname="${newname}-playbook"
fi
cp "$file" "$RPM_BUILD_ROOT%{_pkgdocdir}/$role/${newname}.yml"
cp "$file" "%{buildroot}%{_pkgdocdir}/$role/${newname}.yml"
rm "$file"
done
if [ -f "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" ]; then
cp "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory" \
"$RPM_BUILD_ROOT%{_pkgdocdir}/$role/example-inventory"
rm "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples/inventory"
if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" ]; then
cp "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory" \
"%{buildroot}%{_pkgdocdir}/$role/example-inventory"
rm "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples/inventory"
fi
# special case for network
# this will error if the directory is unexpectedly empty
rmdir "$RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}$role/examples"
rmdir "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/examples"
fi
done
rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/semaphore
rm -r $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/molecule
rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/semaphore
rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/molecule
rm -r $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/.[A-Za-z]*
rm $RPM_BUILD_ROOT%{installbase}/%{roleinstprefix}*/tests/.git*
rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/.[A-Za-z]*
rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/tests/.git*
# NOTE: sshd/examples/example-root-login.yml is
# referenced in the configuring-openssh-servers-using-the-sshd-system-role documentation module
# must be updated if changing the file path
# Install the collection
pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
%ansible_collection_build_install
%ansible_collection_install
popd
mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection
mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles
mkdir -p %{buildroot}%{_pkgdocdir}/collection
mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles
cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \
$RPM_BUILD_ROOT%{_pkgdocdir}/collection
ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \
%{buildroot}%{_pkgdocdir}/collection
for rolename in %{rolenames}; do
for file in CHANGELOG.md README.md; do
if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then
if [ ! -d $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename} ]; then
mkdir -p $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename}
if [ ! -d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then
mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename}
fi
cp -p %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file \
$RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${rolename}
ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file \
%{buildroot}%{_pkgdocdir}/collection/roles/${rolename}
fi
done
done
%if %{with html}
# converting README.md to README.html for collection in $RPM_BUILD_ROOT%{_pkgdocdir}/collection
readmes="$RPM_BUILD_ROOT%{_pkgdocdir}/collection/README.md"
# converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection
readmes="%{buildroot}%{_pkgdocdir}/collection/README.md"
for role in %{rolenames}; do
readmes="${readmes} $RPM_BUILD_ROOT%{_pkgdocdir}/collection/roles/${role}/README.md"
readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md"
done
sh md2html.sh $readmes
%endif
@ -627,21 +655,21 @@ sh md2html.sh $readmes
%if %{with collection_artifact}
# Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact
pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
if [ -f %{collection_namespace}-%{collection_name}-%{version}.tar.gz ]; then
mv %{collection_namespace}-%{collection_name}-%{version}.tar.gz \
$RPM_BUILD_ROOT%{_datadir}/ansible/collections/
fi
%{buildroot}%{_datadir}/ansible/collections/
popd
%endif
# generate the %files section in the file files_section.txt
# Generate the %%files section in files_section.txt
# Bulk files inclusion is not possible because roles store doc and licence
# files together with other files
format_item_for_files() {
# $1 is directory or file name in buildroot
# $2 - if true, and item is a directory, use %dir
# $2 - if true, and item is a directory, use %%dir
local item
local files_item
item="$1"
files_item=${item##"%{buildroot}"}
item="$1" # full path including buildroot
files_item=${item##"%{buildroot}"} # path with cut buildroot to be added to %%files
if [ -L "$item" ]; then
echo "$files_item"
elif [ -d "$item" ]; then
@ -654,14 +682,14 @@ format_item_for_files() {
fi
elif [[ "$item" == */README.md ]] || [[ "$item" == */README.html ]] || [[ "$item" == */CHANGELOG.md ]]; then
if [[ "$item" == */private_* ]]; then
# mark as regular file, not %doc
# mark as regular file, not %%doc
echo "$files_item"
else
echo "%doc $files_item"
fi
elif [[ "$item" != */COPYING* ]] && [[ "$item" != */LICENSE* ]]; then
# Avoid dynamically using the license macro since the license macro
# is replaced with the value of License directive in the older rpmbuild.
elif [[ "$item" == */COPYING* ]] || [[ "$item" == */LICENSE* ]]; then
echo "%""%""license" "$files_item"
else
echo "$files_item"
fi
}
@ -669,15 +697,7 @@ format_item_for_files() {
files_section=files_section.txt
rm -f $files_section
touch $files_section
%if %{without ansible}
echo '%dir %{_datadir}/ansible' >> $files_section
echo '%dir %{_datadir}/ansible/roles' >> $files_section
%endif
%if "%{installbase}" != "%{_datadir}/ansible/roles"
echo '%dir %{installbase}' >> $files_section
%endif
echo '%dir %{ansible_collection_files}' >> $files_section
echo '%dir %{ansible_collection_files}%{collection_name}' >> $files_section
# Dynamically generate files section entries for %%{ansible_collection_files}
find %{buildroot}%{ansible_collection_files}%{collection_name} -mindepth 1 -maxdepth 1 | \
while read item; do
if [[ "$item" == */roles ]]; then
@ -693,7 +713,8 @@ find %{buildroot}%{ansible_collection_files}%{collection_name} -mindepth 1 -maxd
fi
done
find %{buildroot}%{installbase} -mindepth 1 -maxdepth 1 | \
# Dynamically generate files section entries for %%{ansible_roles_dir}
find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \
while read item; do
if [ -d "$item" ]; then
format_item_for_files "$item" true >> $files_section
@ -704,48 +725,23 @@ find %{buildroot}%{installbase} -mindepth 1 -maxdepth 1 | \
format_item_for_files "$item" >> $files_section
fi
done
if [ "%{installbase}" != "%{_datadir}/ansible/roles" ]; then
find %{buildroot}%{_datadir}/ansible/roles -mindepth 1 -maxdepth 1 | \
while read item; do
if [ -d "$item" ]; then
format_item_for_files "$item" true >> $files_section
find "$item" -mindepth 1 -maxdepth 1 | while read roles_item; do
format_item_for_files "$roles_item" >> $files_section
done
else
format_item_for_files "$item" >> $files_section
fi
done
fi
# cat files_section.txt
# done with files_section.txt generation
%files -f files_section.txt
%{_pkgdocdir}/*/CHANGELOG.md
%{_pkgdocdir}/*/README.md
%if %{with html}
%{_pkgdocdir}/*/README.html
%endif
%{_pkgdocdir}/*/example-*
%{_pkgdocdir}/collection/roles/*/CHANGELOG.md
%{_pkgdocdir}/collection/roles/*/README.md
%if %{with html}
%{_pkgdocdir}/collection/roles/*/README.html
%endif
%license %{_pkglicensedir}/*
%license %{installbase}/*/COPYING*
%license %{installbase}/*/LICENSE*
%license %{ansible_collection_files}/%{collection_name}/COPYING*
%license %{ansible_collection_files}/%{collection_name}/LICENSE*
%if 0%{?rhel} < 8
%dir %{_datadir}/ansible
%dir %{ansible_roles_dir}
%dir %{ansible_collection_files}
%dir %{ansible_collection_files}%{collection_name}
%doc %{_pkgdocdir}
%license %{_pkglicensedir}
%if 0%{?rhel} && 0%{?rhel} < 8
# Needs to list excluded files in this hardcoded style since when
# format_item_for_files is executed, brp-python-bytecompile is not
# executed yet.
%exclude %{installbase}/*/*.py?
%exclude %{installbase}/*/*/*.py?
%exclude %{installbase}/*/*/*/*.py?
%exclude %{installbase}/*/*/*/*/*.py?
%exclude %{ansible_roles_dir}/*/*.py?
%exclude %{ansible_roles_dir}/*/*/*.py?
%exclude %{ansible_roles_dir}/*/*/*/*.py?
%exclude %{ansible_roles_dir}/*/*/*/*/*.py?
%exclude %{ansible_collection_files}/%{collection_name}/*/*/*.py?
%exclude %{ansible_collection_files}/%{collection_name}/*/*/*/*.py?
%exclude %{ansible_collection_files}/%{collection_name}/*/*/*/*/*.py?
@ -757,8 +753,110 @@ fi
%endif
%changelog
* Tue Sep 27 2022 Rich Megginson <rmeggins@redhat.com> - 1.20.1-1
- Resolves:rhbz#2129875 : ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles
* Thu Mar 16 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.1-1
- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights
- includes the fix for tests_proxy.yml selinux and some test refactoring
* Wed Feb 22 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-2
- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights
- remove role until https://bugzilla.redhat.com/show_bug.cgi?id=2171829 is fixed
* Mon Feb 20 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-1
- Resolves:rhbz#2168733 : network - RedHat Role rhel-system-roles.network should route traffic via correct bond
* Thu Feb 16 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.19
- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights
- vendor in modules required by rhc role
- Resolves:rhbz#2167941 : ha_cluster - Fix stonith watchdog timeout
* Wed Feb 15 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.18
- Resolves:rhbz#2144877 : rhc - new role for subscription management/registration/insights
- ad_integration - fix issue with using the network role to configure DNS
* Thu Feb 09 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.17
- Resolves:rhbz#2164879 : selinux - managing modules is not idempotent
- Fix nbde_server test issue
* Fri Feb 03 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.16
- Resolves:rhbz#2165176 : journald - New role - journald - manage systemd-journald
- Resolves:rhbz#2159972 : nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
- Resolves:rhbz#2164879 : selinux - managing modules is not idempotent
- fix storage tests_swap and tests_misc - swap size < 128GB on EL7
- fix podman general-meta issue
- ha_cluster non-x86_64 tests issue
- certificate non-x86_64 tests issue
* Fri Jan 20 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.15
- Resolves:rhbz#2162788 : network - role should support running tests with ANSIBLE_GATHERING=explicit
- Resolves:rhbz#2149683 : Synchronize automation-related changes from Fedora spec file
- Fix ansible-test issues in several roles
- Fix nbde_server tang test failure
* Fri Jan 13 2023 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.14
- Resolves:rhbz#2143814 : ha_cluster - Allow quorum device configuration
- Resolves:rhbz#2153081 : ha_cluster - Allow enabled SBD on disabled cluster
- Resolves:rhbz#2127497 : ha_cluster - use no_log in tasks looping over pot. secret parameters
- community.general 6.2.0
- replace community.general with namespace.name for rhc role
* Thu Dec 15 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.13
- Resolves:rhbz#2151355 : storage - [RHEL8] disks_needed need to be set for the raid test cases
- Resolves:rhbz#2154143 : storage - [RHEL8] tests_create_thinp_then_remove_scsi_generated.yml failed at "assertion": "(storage_test_expected_size|int - storage_test_actual_size.bytes)|abs / storage_test_expected_size|int < 0.01"
- Resolves:rhbz#2151342 : storage - [RHEL9] ansible.parsing.yaml.objects.AnsibleUnicode object' has no attribute 'bytes'
- Resolves:rhbz#2151351 : storage - [RHEL9 system role] storage role vdo tests failed about "VDO deduplication is off but it should not"
* Thu Dec 15 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.12
- Resolves:rhbz#2153080 - tlog - Unconditionally enable the files provider
* Tue Dec 13 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.11
- Resolves:rhbz#2130362 : logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
fix basic-smoke-test failures
* Mon Dec 12 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.10
- Resolves:rhbz#2130019 : ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role
- Resolves:rhbz#2143458 : network - Support cloned MAC address
- Resolves:rhbz#2066864 : podman - [RFE] role for managing podman containers and systemd
* Tue Dec 06 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.9
- Resolves:rhbz#2144876 : ad_integration - [RFE] new role to support AD integration, join to AD domain
* Mon Dec 05 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.8
- Resolves:rhbz#2130362 : logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
fix tests - tests_relp now uses logging_purge_confs
* Tue Nov 29 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.7
- Resolves:rhbz#2126960 : nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names
* Tue Nov 29 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.6
- Resolves:rhbz#2133931 : nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
previous fix was not complete - needed additional fixes - ansible-lint 6.x fixes
* Tue Nov 22 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.5
- Resolves:rhbz#2137667 : cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role
- Resolves:rhbz#2130362 : logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
- Resolves:rhbz#2133532 : metrics - [RFE] convert metrics role to use firewall and selinux role
- Resolves:rhbz#2133931 : nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
- Resolves:rhbz#2130332 : postfix - [RFE] convert postfix role to use firewall and selinux role
- Resolves:rhbz#2119600 : vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
- Resolves:rhbz#2130345 : vpn - [RFE] convert vpn role to use firewall and selinux role
* Tue Nov 22 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.4.podman
- Resolves:rhbz#2066864 : podman - [RFE] role for managing podman containers and systemd
* Tue Nov 22 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.3.ssh_sshd_selinux_timesync
- Resolves:rhbz#2143385 : selinux - add support for the 'local' parameter
- Resolves:rhbz#2143401 : sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
- Resolves:rhbz#2130921 : ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles [rhel-8.7] [rhel-8.8.0]
* Tue Nov 15 2022 Rich Megginson <rmeggins@redhat.com> - 1.21.0-0.2.network
- Resolves:rhbz#2134201 : network - [RFE] Support setting the metric of the default route for initscripts provider
- Resolves:rhbz#2133856 : network - [RFE] Support the DNS priority
- Resolves:rhbz#2129620 : network - Support looking up named route table in routing rule
- includes ha_cluster, vpn - README.md had headings that were too long causing problems
for md to adoc to html conversion on el8
- includes changing network role to support ansible-core 2.14
- includes community.general 6.0.1
- adds back network bondtests patch - bond tests still failing in beaker
* Tue Aug 09 2022 Rich Megginson <rmeggins@redhat.com> - 1.20.0-1
- Resolves:rhbz#2115159 : cockpit - Add customization of port