From f8c6c6d6e8c7e8c0fcfa77c304b4f533fdc6dcde Mon Sep 17 00:00:00 2001 From: Sergei Petrosian Date: Mon, 11 Oct 2021 11:32:49 +0200 Subject: [PATCH] Rebase to latest upstream - Support ansible-core and improve roles: - selinux: Add support for Rocky Linux 8, fix ansible_distribution_major_version - timesync: Support ansible-core, use ansible_managed | comment - kdump: Support ansible-core, use ansible_managed | comment - network: Support ansible-core; deprecate RHEL 9 in readme; validate that ipv6_disabled is conflicting with other settings; specify PCI address to configure profile - adds match and path settings) - storage: Support ansible-core, add skip checks feature to speed up the tests - logging: Support ansible-core, add the `uid` option for elasticsearch, improve performance, use ansible_manged | comment Resolves: rhbz#1990490 (EL9) - ssh: Use ansible_manged | comment - sshd: Use ansible_managed | comment - ha_cluster: Support ansible-core, fix password_hash salt length - vpn: Support ansible-core, use wait_for_connection instead of wait_for with ssh - ansible_managed | comment BZs: Resolves: rhbz#2006230 (EL9) - untar the collection tarballs and copy the files - Add vendoring code for rhel / centos - selinux: selinux, seboolean, seport, selogin, sefcontext - storage: mount - vpn: ipaddr Resolves: rhbz#2006076 (EL9) --- .gitignore | 13 ++++ linux-system-roles.spec | 145 +++++++++++++++++++++++++++++++++++----- sources | 23 ++++--- 3 files changed, 156 insertions(+), 25 deletions(-) diff --git a/.gitignore b/.gitignore index b85c597..57bde2b 100644 --- a/.gitignore +++ b/.gitignore @@ -152,3 +152,16 @@ /metrics-1.3.1.tar.gz /logging-1.5.1.tar.gz /storage-1.6.1.tar.gz +/selinux-1.3.2.tar.gz +/timesync-1.6.1.tar.gz +/kdump-1.1.1.tar.gz +/network-c0f603808217f691f603d535becf7ff307790cac.tar.gz +/storage-1.6.2.tar.gz +/logging-1.6.0.tar.gz +/ssh-1.1.1.tar.gz +/ha_cluster-1.3.1.tar.gz +/vpn-1.2.1.tar.gz +/ansible-sshd-v0.14.1.tar.gz +/ansible-netcommon-2.4.0.tar.gz +/ansible-posix-1.3.0.tar.gz +/community-general-3.6.0.tar.gz diff --git a/linux-system-roles.spec b/linux-system-roles.spec index 9cfb30d..86add04 100644 --- a/linux-system-roles.spec +++ b/linux-system-roles.spec @@ -21,11 +21,11 @@ Name: linux-system-roles %endif Url: https://github.com/linux-system-roles Summary: Set of interfaces for unified system management -Version: 1.8.3 -Release: 2%{?dist} +Version: 1.9.0 +Release: 1%{?dist} #Group: Development/Libraries -License: GPLv3+ and MIT and BSD +License: GPLv3+ and MIT and BSD and PSFL %global installbase %{_datadir}/linux-system-roles %global _pkglicensedir %{_licensedir}/%{name} %global rolealtprefix linux-system-roles. @@ -113,23 +113,23 @@ BuildRequires: ansible >= 2.9.10 #%%defcommit 2 9fe6eb36772e83b53dcfb8ceb73608fd4f72eeda %global rolename2 selinux -%deftag 2 1.3.0 +%deftag 2 1.3.2 #%%defcommit 3 8db8f9ed9088432bac7abf68f1b284475a3baa38 %global rolename3 timesync -%deftag 3 1.6.0 +%deftag 3 1.6.1 #%%defcommit 4 02fc72b482e165472624b2f68eecd2ddce1d93b1 %global rolename4 kdump -%deftag 4 1.1.0 +%deftag 4 1.1.1 -#%%defcommit 5 b08a0b3748ee87aa3bdbcf1f0b7e41ef4971bbee +%defcommit 5 c0f603808217f691f603d535becf7ff307790cac %global rolename5 network -%deftag 5 1.4.0 +#%%deftag 5 1.4.0 #%%defcommit 6 b3b456183edb7b8aa6ceff7ce667d8e22009ef6a %global rolename6 storage -%deftag 6 1.6.1 +%deftag 6 1.6.2 #%%defcommit 7 0673d842fb32c437501e2aada2e38921da98e115 %global rolename7 metrics @@ -145,7 +145,7 @@ BuildRequires: ansible >= 2.9.10 #%%defcommit 10 20dd3e5520ca06dcccaa9b3f1fb428d055e0c23f %global rolename10 logging -%deftag 10 1.5.1 +%deftag 10 1.6.0 #%%defcommit 11 c57d0b1f3384c525738fa26ba4bdca485e162567 %global rolename11 nbde_server @@ -166,20 +166,20 @@ BuildRequires: ansible >= 2.9.10 %global forgeorg15 https://github.com/willshersystems %global repo15 ansible-sshd %global rolename15 sshd -%defcommit 15 1c5c48835e01adc176febf945e1fd36b7d9af7fd -#%%deftag 15 v0.13.1 +#%%defcommit 15 57c54e5268d9c09ab31b1357558cdcaa68116015 +%deftag 15 v0.14.1 #%%defcommit 16 59b9fd7b25607d8bd33bdb082748955f2652846a %global rolename16 ssh -%deftag 16 1.1.0 +%deftag 16 1.1.1 #%%defcommit 17 f901239cb91878719c9e7461760ef8d4789d626d %global rolename17 ha_cluster -%deftag 17 1.3.0 +%deftag 17 1.3.1 #%%defcommit 18 5f6cb73e6753fbdbb219b7d3079f0378b2d3bdb3 %global rolename18 vpn -%deftag 18 1.2.0 +%deftag 18 1.2.1 %global mainid 2dd50c8a16af647e4c7a768c481335e97735958a Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz @@ -202,6 +202,15 @@ Source16: %{archiveurl16} Source17: %{archiveurl17} Source18: %{archiveurl18} +# Collection tarballs from Automation Hub +# Not used on Fedora. +Source801: ansible-posix-1.3.0.tar.gz +Source802: ansible-netcommon-2.4.0.tar.gz + +# Collection tarballs from Galaxy +# Not used on Fedora. +Source901: community-general-3.6.0.tar.gz + # Script to convert the collection README to Automation Hub. # Not used on Fedora. Source998: collection_readme.sh @@ -269,6 +278,18 @@ Collection artifact for %{name}. This package contains %{collection_namespace}-% %prep %setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -n %{getarchivedir 0} +for file in %_sourcedir/*.tar.gz; do + if [[ "$file" =~ %_sourcedir/([^-]+)-([^-]+)-(.+).tar.gz ]]; then + ns=${BASH_REMATCH[1]} + name=${BASH_REMATCH[2]} + ver=${BASH_REMATCH[3]} + mkdir -p .external/$ns/$name + pushd .external/$ns/$name > /dev/null + tar xfz "$file" + popd > /dev/null + fi +done + declare -A ROLESTODIR=(%{rolestodir}) for rolename in %{rolenames}; do dir_from_archive="${ROLESTODIR[${rolename}]}" @@ -301,6 +322,63 @@ sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" tests/*.yml exa sed -r -i -e "s/min_ansible_version: 2.8/min_ansible_version: 2.9/" meta/main.yml cd .. +%if 0%{?rhel} +# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library. +# ansible.posix: +# - library: +# - Module selinux and seboolean for the selinux role +# - Module mount for the storage role +declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + cp -pL .external/ansible/posix/plugins/modules/$module $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' -e "s/ansible_collections.ansible.posix.plugins.module_utils/ansible.module_utils.${role}_lsr/" $role/library/$module +done + +# ansible.posix: +# - module_utils: +# - Module_util mount for the storage role +module_map=( ["mount.py"]="storage" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/module_utils/${role}_lsr ]; then + mkdir -p $role/module_utils/${role}_lsr + fi + cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module +done + +# ansible.netcommon: +# - filter_plugins: +# - Filter ipaddr for the vpn role +declare -A module_map=( ["ipaddr.py"]="vpn" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/filter_plugins ]; then + mkdir $role/filter_plugins + fi + cp -pL .external/ansible/netcommon/plugins/filter/$module $role/filter_plugins/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/filter_plugins/$module +done + +# community.general: +# - library: +# - Module seport, sefcontext and selogin for the selinux role rolename2 +module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + if [ ! -d $role/library ]; then + mkdir $role/library + fi + cp -pL .external/community/general/plugins/modules/$module $role/library/$module + ls -alrtF $role/library/$module + sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module +done +%endif + # Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role %if "%{roleprefix}" != "linux-system-roles." for rolename in %{rolenames}; do @@ -357,6 +435,18 @@ for role in %{rolenames}; do --namespace %{collection_namespace} --collection %{collection_name} done +%if 0%{?rhel} +# Convert vendored plugins to FQCN for collection +# ansible.netcommon: +# - filter_plugins: +# - Filter ipaddr for the vpn role +declare -A module_map=( ["ipaddr"]="vpn" ) +for module in "${!module_map[@]}"; do + role="${module_map[${module}]}" + find .collections/ansible_collections/%{collection_namespace}/%{collection_name}/*/vpn \( -iname "*.yml" -o -iname "*.j2" \) -exec sed -i -e "s/\<$module\>/%{collection_namespace}.%{collection_name}.&/g" {} \; +done +%endif + # copy requirements.txt and bindep.txt from auto-maintenance/lsr_role2collection if [ -f lsr_role2collection/collection_requirements.txt ]; then cp lsr_role2collection/collection_requirements.txt \ @@ -623,6 +713,31 @@ fi %endif %changelog +* Mon Oct 11 2021 Sergei Petrosian - 1.9.0-1 +- Support ansible-core and improve roles: + - selinux: Add support for Rocky Linux 8, fix ansible_distribution_major_version + - timesync: Support ansible-core, use ansible_managed | comment + - kdump: Support ansible-core, use ansible_managed | comment + - network: Support ansible-core; deprecate RHEL 9 in readme; validate that ipv6_disabled is conflicting with other settings; specify PCI address to configure profile - adds match and path settings) + - storage: Support ansible-core, add skip checks feature to speed up the tests + - logging: Support ansible-core, add the `uid` option for elasticsearch, improve performance, use ansible_manged | comment + Resolves: rhbz#1990490 (EL9) + - ssh: Use ansible_manged | comment + - sshd: Use ansible_managed | comment + - ha_cluster: Support ansible-core, fix password_hash salt length + - vpn: Support ansible-core, use wait_for_connection instead of wait_for with ssh + - ansible_managed | comment BZs: + Resolves: rhbz#2006230 (EL9) + Resolves: rhbz#2006231 (EL8) + Resolves: rhbz#2006233 (EL7) +- untar the collection tarballs and copy the files +- Add vendoring code for rhel / centos + - selinux: selinux, seboolean, seport, selogin, sefcontext + - storage: mount + - vpn: ipaddr + Resolves: rhbz#2006076 (EL9) + Resolves: rhbz#2006081 (EL8) + * Thu Aug 26 2021 Rich Megginson - 1.8.3-2 - selinux - tag tests_selinux_disabled.yml with tests::avc Resolves rhbz#1996315 (EL9) diff --git a/sources b/sources index c6ed312..c383b15 100644 --- a/sources +++ b/sources @@ -1,19 +1,22 @@ SHA512 (auto-maintenance-2dd50c8a16af647e4c7a768c481335e97735958a.tar.gz) = 78fc58352259a64cbaff645253c552b40123bd803162d5ced1c3b50771fb5066718e241e17c7c32eaff5613b541627493665b3098fb978fb0b2c3a79e7e945a0 -SHA512 (ansible-sshd-1c5c48835e01adc176febf945e1fd36b7d9af7fd.tar.gz) = 8813ef540c5c847e96954c281e3abb610274d2118a1db66f085b3dffad3416fe625a64ed6f450086d3568aa85cc336c52f3b7b5c7819b84546e7bf82d0046aea +SHA512 (ansible-sshd-v0.14.1.tar.gz) = 00fcec57c1f6109aec654bea6ede02dbfc0ed26acf835c040253d2d1499cf79fac37a65586bcd4737f5a2db662f56907496c2befc46310ca30b989a943a84139 SHA512 (certificate-1.1.0.tar.gz) = 6b44267951fb2f2e9f1f75d8639618bf16b9cf8759883237aa577c06e73597abf5d8337418f87e0d08d40ec4e3c6f3febd3f64aca28214b6dce6e7a0ccc8cbc0 SHA512 (crypto_policies-1.2.0.tar.gz) = 3a985b7194332195c70005acfd562e772ae304c6af2d1a790541de7986be5b9896667e0081e5cfc7a5247b4739db4054d3cd74cb07b1e127e59b77f2f9620391 -SHA512 (ha_cluster-1.3.0.tar.gz) = 874400cbef513d960d902481bb1b39d2074d775f17cdb0e2e2285661e727cac7d7b3890f5bf3467c1a2f2da3177e62085dd18b70ba5f450def766ce36dff7b7c -SHA512 (kdump-1.1.0.tar.gz) = 6b2c6b7c9bc570c326785cbafbfa26318d6dbea227154f8c31ce2a2980716105a55b92e6b229fd5c4d4dafad1915c43d27ffa842546660e1018cb727149e75ee +SHA512 (ha_cluster-1.3.1.tar.gz) = 0d1986b1c8a2a025a461ca369af087432c1a747bc7b07bd5de7aa15315cf6ae67b62da34ed8f74c19134da6ec839fbe6c04a8b0b848904311e0c643d1ea2a433 +SHA512 (kdump-1.1.1.tar.gz) = bf0861808a317c988a98da37e9f7a62f38a1c1b7ac152353a41e3d65bde4686b9034c6c18b84533b0d966a07d78a8d710328e7edbedcfe3814336b3d664393e8 SHA512 (kernel_settings-1.1.0.tar.gz) = fb4283cb66f38108bf6b81a93db1bbb83b734fb84a8196352476ff1e5f8fc3cfd17af2204f2ec3df6a0968c239e33c893826f80e6e832be1240e5d17156259f9 -SHA512 (logging-1.5.1.tar.gz) = 05821a8a7ef3d39a6c215820a3fb8dec4960598442ef4d8333e835a29740b05826392119353a3c8b17402f355f517ccf08dcd4d3a8e2d1b5271d54c88a9ef8cb +SHA512 (logging-1.6.0.tar.gz) = 76f94c17cb35f128346fa1214b694e339497cf4e0e9c7036005c3430881c93dd0a1f3a00debb3e5d9a0746e82e192416f03d72cd4468d88b5ed8124fe4a0d703 SHA512 (metrics-1.3.1.tar.gz) = f8f25766eb01780cb13315ab5f8f4870819b2370fbd680ac80ea3c66d6a54d110311d11ec0b8e0bc7a64708d19853cc5c0c4fc3b6c590efc3817569f34baf29d SHA512 (nbde_client-1.1.0.tar.gz) = 38a5a071ad32ef8c87e93dfb3c9f3102d4309c79d1859264786035a2a05dd5b95363b5fda443561aa927da0b8728480f210af538ad003be6a5651923044ad6b6 SHA512 (nbde_server-1.1.0.tar.gz) = 371fea294cec64dad514e74e4818564804972f8626c549ba21ea5a008f56b4772a2ec5829e006c1f835ff18a3f495fd763b6c0421d6b569db6a1f6cbba42627f -SHA512 (network-1.4.0.tar.gz) = 369905561f2b62df68322535db915738258151f1e97044061a2898ed6d337baf5d342d721cc6ff2d64e490cda9f0600ef113ad7ecf47f9e5f6e2a57e520bc36e +SHA512 (network-c0f603808217f691f603d535becf7ff307790cac.tar.gz) = ed257565c3b73951c200b7a4740d73e8f19417d793918a5fdbd02fa32b3abc621eb5e87affbd8530d9a260b68b5edca266a648d9ae160aff2140a2ccea9a2229 SHA512 (postfix-1.1.0.tar.gz) = 91a40082466a9799f053490bc01b43a497346d3ee97d7dde2cf729f39c1ae0036002007b48796f10900cce7d5edbfe25dba7dace454b5852583b9b814a480f9f -SHA512 (selinux-1.3.0.tar.gz) = fce7d221c52b2f8a7adeffca357e61a803c6b4de78db38f853bb763b964b84036b0d921172ce30df3f96284452e5921ebc2b7f9dfcb58eeb4b599e65fdf7bc22 -SHA512 (ssh-1.1.0.tar.gz) = d5689871deacdb4bb4f33ac767777a43d37576ec0d9b8ce29b2a887f5646758d923f52c7141ca41d8cca1e84af9a33408868449a6b95db0b429ed88430878d31 -SHA512 (storage-1.6.1.tar.gz) = bc7ad045aae07a2503c64566450df1248390827e4db9333ccb6ada9ad4159ab4238046aac74b71265f2e0f93e2213e363ff6ad98d9ca5fa3fe6bdcb76aeccbdb -SHA512 (timesync-1.6.0.tar.gz) = 1d775fd31c030853be0722d0cd4b970e88e951f6895780d07b54847924563df7557cbfb0998665039d65a66cce9f0aaa07f0486be41ef39319cd259657ff3cc9 +SHA512 (selinux-1.3.2.tar.gz) = 451edb3530672a23c3b8cc848219200a973546488c345aeaf2cd58501406e01dccebf00fd06b3c041f42678a346296e5b229aa71e51106bb16950cc15599033b +SHA512 (ssh-1.1.1.tar.gz) = a808264badba2bb7d2f7767aaecc7a8249c9b2e09afdca297b8a755cb23f767ac0959cec9606509436cc12c8aafd6abd987ca166d95645e4d7055ddb68889cee +SHA512 (storage-1.6.2.tar.gz) = eab223fa6ed7fc50f933f65014114fc2afad90e8ddd0eaed29dd5907a934d1efca055dc355375f8689abd1619700fa64b4a6a3c18b4c490b901db3a88e29b19c +SHA512 (timesync-1.6.1.tar.gz) = 742d5f1cc6153a29fb06fcc7a75710a66a54ab54c04068d76a77c16e53f76a2d15010c7f3f3779c92c970d755bc7941c9309ca9ed4c2717ff84fa04637b72710 SHA512 (tlog-1.2.0.tar.gz) = d31e28ae3aba935c735836133b5d41991426fd659edf64751a2d3b5fbf303f00b4c3bfeb2b7130dad4520e9dcbe7d9db1033dd3d91066626cd5f6612a550751d -SHA512 (vpn-1.2.0.tar.gz) = ef17d73942a7f9dba7221e7a0bc50d743b7cdfc9eb3f665623e04c2a915391b8135dc73e196caacfaec83e76a02d2e37fff0d0cb633a2298aea7680f4abd5357 +SHA512 (vpn-1.2.1.tar.gz) = bc56215420656347e2f1461ecbdf3cea0fd28a56f0e4f46525dee07864e1b7819bfa30e064c5fb4ed853fd841ad5ac62f51d5ff599a6d9ed1f4a6146a917e082 +SHA512 (ansible-netcommon-2.4.0.tar.gz) = fbe26c578f192771646e9dccccf6ab9ebae58c02b6c0d8de934d9a9ce193c560d01da28c5f14f7d65706c70433362730048f984720c0c9fcd9eb497128819ba8 +SHA512 (ansible-posix-1.3.0.tar.gz) = 9eb5832467dfb1d29b1e049edf59d38a4febc2294f5e5e5b6f9a2ef10f5b2ac74a3136e41784346d700082e1cfa07b80c62bd3ec3ed6e577e33241219f2f5585 +SHA512 (community-general-3.6.0.tar.gz) = d5b489994fe8fb1a14ab621e43847c7f85a37b8486cac2f5d5b66fd2f15bcc0fcab8b689ff9550ad62ebcc686d9bc650aaabf79cbb2db4f992fe82c5d314faf7