Commit Graph

59 Commits

Author SHA1 Message Date
Rich Megginson
57686ef5a6 system roles 1.79.0-0.2
Resolves: RHEL-39996 : bootloader - Set user.cfg path to /boot/grub2/ on EL 9 UEFI
Resolves: RHEL-35561 : logging - Setup imuxsock using rhel-system-roles.logging causing an error
  fix test
Resolves: RHEL-40760 : podman - grab name of network to remove from quadlet file
Resolves: RHEL-39438 : podman - Create podman secret when skip_existing=True and it does not exist
Resolves: RHEL-40180 : ssh - Add new configuration options and remove false positives in the test
Resolves: RHEL-31854 : storage - [RFE] manage stratis
Resolves: RHEL-25777 : storage - rhel-system-role.storage is not idempotent
Resolves: RHEL-14862 : storage - [RHEL9][RFE] resize LVM PVs
Resolves: RHEL-25994 : storage - var unused_disks get different sector size disks
2024-06-11 13:00:28 -06:00
Rich Megginson
fc33c72569 system roles 1.78.0-0.1 - add gfs2
Resolves: RHEL-34214 : gfs2 - New Role
2024-04-25 07:57:45 -06:00
Rich Megginson
09485d7203 System Roles update for 1.77.0-0.1
Resolves: RHEL-18075
 - package rhel-system-roles.noarch does not provide docs for ansible-doc

Resolves: RHEL-33532
ha_cluster - [RFE] rhel_system_roles.ha_cluster - Utilization Support

Resolves: RHEL-33076
ha_cluster - Fix inconsistent approach for multiple `attributes.attrs` in `ha_cluster_node_options`

Resolves: RHEL-32872
network - Fix testing Failures due to connection.autoconnect-ports Unknown Property

Resolves: RHEL-33547
podman - feat: manage TLS cert/key files for registry connections and validate certs

Resolves: RHEL-30185
podman - podman role should support default credentials and per-unit credentials

Resolves: RHEL-30183
podman - podman role should support containers-auth.json

Resolves: RHEL-25777
storage - rhel-system-role.storage is not idempodent

(cherry picked from commit 4beb95e1c9)
2024-04-22 11:46:57 -06:00
Rich Megginson
af2675cdfd System Roles update for 1.76.2-0.1
Resolves: RHEL-28658
ad_integration - fix: Sets domain name lower case in realmd.conf section header

Resolves: RHEL-26714
bootloader - bootloader role tests do not work on ostree

Resolves: RHEL-30111
ha_cluster - [RFE] ha_cluster_node_options allows per-node addresses and SBD options to be set

Resolves: RHEL-27186
ha_cluster - [RFE] make it easier to install cloud agents

Resolves: RHEL-17271
ha_cluster - [RFE] rhel_system_roles.ha_cluster - ACL Support

Resolves: RHEL-30170
journald - feat: Add options for rate limit interval and burst

Resolves: RHEL-25264
network - Make sure that the network role CI is solid robust

Resolves: RHEL-32464
podman - fix: do not use become for changing hostdir ownership, and expose subuid/subgid info

Resolves: RHEL-32382
podman - fix: use correct user for cancel linger file name

Resolves: RHEL-30185
podman - podman role should support default credentials and per-unit credentials

Resolves: RHEL-29309
sshd - second SSHD service broken

Resolves: RHEL-30959
storage - [RHEL9]  storage role resize volume  failed

Resolves: RHEL-29874
storage - Running rhel-system-roles.storage w/ type: raid a second time, fails if existing RAID device has stratis installed on them.

Fix ansible-test issues
Ensure "WARNING: " is quoted in description string
Package doc_fragments for vendored modules
Fix wrong collection deprecation error
undefine __brp_mangle_shebangs because ansible-test does not like shebangs in executable files
ensure that any files removed during the build/install process are also removed
from ignore files
2024-04-15 18:02:47 -06:00
Rich Megginson
07470f9223 system roles 1.23.0-2.20
Resolves: RHEL-16964 : rhc - new rhc_insights.display_name parameter
Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
  fixes error handling
2024-02-21 12:32:13 -07:00
Rich Megginson
a05f893f8e system roles 1.23.0-2.17
Resolves: RHEL-25508 : nbde_server - fix: Allow tangd socket override directory to be managed outside of the role
Resolves: RHEL-19579 : network - Add blackhole type route to rhel-system-roles.network
Fixed issues with ANSIBLE_GATHERING=explicit in several roles
Fixed test cleanup issues in several roles
2024-02-15 11:11:51 -07:00
Rich Megginson
049fc8aa31 system roles 1.23.0-2.15
Resolves: RHEL-22106 : ha_cluster - Setting cluster members' attributes
2024-02-12 11:15:34 -07:00
Rich Megginson
9f56f32207 system roles release 1.23.0-2.12
Resolves: RHEL-22228 : podman - user linger needed before secrets
2024-02-08 11:18:38 -07:00
Rich Megginson
6a179c582c System roles release 1.23.0-2.11
Resolves: RHEL-5274 : postgresql - unable to install PostgreSQL version 15 on RHEL 9
Resolves: RHEL-23497 : storage - tests_lvm_auto_size_cap_nvme_generated failed at "Assert expected size is actual size"
2024-01-31 11:52:31 -07:00
Rich Megginson
8cd6e9a93d system roles update 1.23.0-2.9
Resolves: RHEL-21382 : ad_integration - feat: add ad_integration_preserve_authselect_profile
Resolves: RHEL-21133 : ad_integration - feat: Add SSSD parameters support
Resolves: RHEL-21117 : journald - feat: Add support for ForwardToSyslog
Resolves: RHEL-22309 : podman - fix: cast secret data to string in order to allow JSON valued strings
Resolves: RHEL-21401 : podman - fix: name of volume quadlet service should be basename-volume.service
Resolves: RHEL-16974 : rhc - rhc: new rhc_insights.ansible_host parameter
Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
add revert support
2024-01-26 12:27:35 -07:00
Packit
39903062d5 system roles update 1.23.0-2.8
Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
2024-01-24 15:25:45 -07:00
Rich Megginson
813f94e0f7 system roles update 1.23.0-2.7
Resolves: RHEL-15909 : keylime_server - won't detect registrar start failure
Add ExcludeArch i686 to fix build issues with ansible-core
2024-01-19 08:48:55 -07:00
Rich Megginson
bea518c9cd system roles update 1.23.0-2.5
Resolves: RHEL-16336 - bootloader - Create bootloader role (MVP)
2024-01-15 15:12:10 -07:00
Rich Megginson
709df3b6b5 system roles update 1.23.0-2.4
Resolves: RHEL-3253 : RHEL for Edge support in system roles
  updated several roles with ostree improvements
  metrics role support
Resolves: RHEL-16541 : fapolicyd - feat: Import code for fapolicyd system role
  several role improvements
Resolves: RHEL-18026 : ha_cluster - fix: set sbd.service timeout based on SBD_START_DELAY
Resolves: RHEL-19046 : logging - fix: avoid conf of RatelimitBurst when RatelimitInterval is zero
Resolves: RHEL-13760 : metrics - [RFE] Metrics system role support for configuring PMIE webhooks
Resolves: RHEL-19241 : podman - fix: add no_log: true for tasks that can log secret data
Resolves: RHEL-18962 : postgresql - feat: enable using postgresql 16
Resolves: RHEL-16976 : rhc - rhc: support RHEL 7 managed nodes
Resolves: RHEL-19040 : selinux - fix: no longer use "item" as a loop variable
Resolves: RHEL-19043 : selinux - fix: Print an error message when module to be created doesn't exist
Resolves: RHEL-1535 : storage - Basic support for creating shared logical volumes
2023-12-12 15:01:24 -07:00
Rich Megginson
a2e3bb2669 System Roles update 1.23.0-2.3
Resolves: RHEL-17875
ha_cluster - high-availability firewall service is not added on qdevice node
2023-12-01 09:00:59 -07:00
Rich Megginson
e24387006f System Roles update 1.23.0-2.1
Resolves: RHEL-3253
RHEL for Edge support in system roles
except for nbde_client, rhc, metrics

Resolves: RHEL-17668
ad_integration - feat: Add sssd custom settings

Resolves: RHEL-16541
fapolicyd - feat: Import code for fapolicyd system role

Resolves: RHEL-15910
ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository

Resolves: RHEL-15908
ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options

Resolves: RHEL-15876
ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology

Resolves: RHEL-3353
kdump - fix: retry read of kexec_crash_size

Resolves: RHEL-15932
logging - feat: Add support for the global config option preserveFQDN with a new logg…

Resolves: RHEL-15439
logging - feat: Add support for general queue and general action parameters

Resolves: RHEL-15037
logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size

Resolves: RHEL-13760
metrics - [RFE] Metrics system role support for configuring PMIE webhooks

Resolves: RHEL-1683
network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

Resolves: RHEL-15870
selinux - fix: Use `ignore_selinux_state` module option

Resolves: RHEL-16212
storage - feat: Support for creating volumes without a FS
2023-11-30 14:05:59 -07:00
Rich Megginson
8dabee9d4f ad_integration - leaks credentials when in check_mode
Resolves:rhbz#2223764
ad_integration - leaks credentials when in check_mode
2023-08-22 11:17:37 -06:00
Rich Megginson
86eefbad8d ad_integration - leaks credentials when in check_mode
Resolves:rhbz#2223764
ad_integration - leaks credentials when in check_mode
2023-08-22 07:20:48 -06:00
Rich Megginson
a0cc364663 second RC for 1.22.0 rhel 8.9 and 9.3
Resolves:rhbz#2232241
kdump - "Write new authorized_keys if needed" task idempotency issues

Resolves:rhbz#2232231
kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory

Resolves RHEL-1397
kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server

Resolves RHEL-1499
kdump - fix: Ensure authorized_keys management works with multiple hosts

Resolves:rhbz#2223764
firewall - fix: reload on resetting to defaults

Resolves RHEL-1495
firewall - fix: files: overwrite firewalld.conf on previous replaced

Resolves RHEL-1497
storage - fix: use stat.pw_name, stat.gr_name instead of owner, group

  sshd README remove upstream only docs
  first RC for 1.22.0 rhel 8.9 and 9.3
  fix firewall reload test gather facts
2023-08-21 14:00:39 -06:00
Rich Megginson
374357ec37 first RC candidate for 8.9/9.3 - 1.22.0-1
Resolves:rhbz#2223764 : firewall - fix: reload on resetting to defaults
sshd README remove upstream only docs
first RC for 1.22.0 rhel 8.9 and 9.3
2023-08-15 11:12:02 -06:00
Rich Megginson
05326c5f92 podman rootless quadlets, secrets
Resolves:rhbz#2179455
podman - support quadlet units
Fix rootless quadlets, secrets
2023-08-10 08:31:49 -06:00
Rich Megginson
83fcfac874 firewall ipset and tests
firewall - missing module in linux-system-roles.firewall to create an ipset
Resolves:rhbz#2229802
2023-08-09 17:15:48 -06:00
Rich Megginson
faabc68125 podman, firewall, rhc, kdump updates
firewall - fix: reload on resetting to defaults
Resolves:rhbz#2223764

podman - Podman system role:  Unable to use podman_registries_conf to set unqualified-search-registries
Resolves:rhbz#2211984

rhc - baseurl in rhsm.conf is empty when rhc_baseurl is not specified
Resolves:rhbz#2227821

kdump - use failure_action instead of default on EL9 and later
Resolves RHEL-906

firewall - Check mode fails with replacing previous rules
Resolves RHEL-898

firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9
Resolves RHEL-885

podman - use getsubids to look for subuid, subgid for IdM support
Resolves RHEL-865

podman - allow to not pull images, continue if image pull fails
Resolves RHEL-857
2023-08-02 06:53:15 -06:00
Rich Megginson
9442dd700b systemd role update
systemd - system role for managing systemd units
Resolves:rhbz#2224384
2023-07-26 07:26:51 -06:00
Rich Megginson
e349d4a003 keylime_server role
keylime_server - system role for managing keylime servers
Resolves:rhbz#2224385
2023-07-25 17:07:23 -06:00
Rich Megginson
9129607eee new role systemd; fix fact gathering; podman quadlet; others
firewall - should have option to disable conflicting services
Resolves:rhbz#2222761

podman - allow container networking configuration
Resolves:rhbz#2161712

podman - support for healthchecks and healthcheck actions
Resolves:rhbz#2179457

podman - support quadlet units
Resolves:rhbz#2179455

systemd - system role for managing systemd units
Resolves:rhbz#2224384

ALL - facts being gathered unnecessarily
Resolves:rhbz#2223032

certificate - rhel-system-roles.certificate does not re-issue after updating key_size
Resolves:rhbz#2224138

firewall - Check mode fails when creating new firewall service
Resolves:rhbz#2222428

storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation
Resolves:rhbz#2224090

firewall - when firewalld.service is masked, firewall role fails
Resolves:rhbz#2123859
2023-07-21 08:57:15 -06:00
Rich Megginson
0efeefa594 certificate and network
certificate - add mode parameter to change permissions for cert files
Resolves:rhbz#2180902

network - Support no-aaaa DNS option
Resolves:rhbz#2218592
2023-07-10 10:58:50 -06:00
Rich Megginson
92a5021ede storage test fix
storage - [RHEL8] Unexpected behavior when creating ext4 filesystem with invalid parameter
Resolves:rhbz#2213691
2023-07-09 17:47:52 -06:00
Rich Megginson
81d4e5f1c1 firewall, ssh
ssh - add ssh_backup option with default true
Resolves:rhbz#2216753

firewall - Don't install python(3)-firewall it's a dependency of firewalld
Resolves:rhbz#2216520
2023-06-23 08:39:32 -06:00
Rich Megginson
f33da7dfae storage resize
storage - Storage: mounted devices that are in use cannot be resized
Resolves:rhbz#2168692
2023-06-22 11:42:46 -06:00
Rich Megginson
e8f086ad49 kdump crashkernel
kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump
Resolves:rhbz#2211187
2023-06-20 13:00:50 -06:00
Rich Megginson
b6d3c8974e ad_integration - add ad_integration_force_rejoin
ad_integration - add ad_integration_force_rejoin
Resolves:rhbz#2186253
2023-06-07 19:51:13 -06:00
Rich Megginson
c185e917eb updates for network, rhc, selinux, storage
network - Support configuring auto-dns setting
Resolves:rhbz#2211194

rhc - implement rhc_proxy.scheme
Resolves:rhbz#2211748

selinux - use restorecon -T 0 on supported platforms
Resolves:rhbz#2179460

storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes
Resolves:rhbz#2181656

storage - [RHEL9]  Failed to commit changes to disk: Failed to format device: Input/output error
Resolves:rhbz#2210916
2023-06-06 16:54:09 -06:00
Rich Megginson
8a3fe12adc storage role update
storage - [RFE] user-specified mount point owner and permissions
Resolves:rhbz#2181657

storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size
Resolves:rhbz#2193058

storage - [RHEL9]  Failed to commit changes to disk: Failed to format device: Input/output error
Resolves:rhbz#2210916
2023-05-30 18:51:50 -06:00
Rich Megginson
17eff1975a updates for gather_facts, rhc insights tags, tlog proxy provider
rhc - system role does not apply Insights tags
Resolves:rhbz#2209200

tlog - use the proxy provider - the files provider is deprecated in sssd
Resolves:rhbz#2179458

roles should support running with gather_facts: false
Resolves:rhbz#2190502
2023-05-30 13:01:46 -06:00
Rich Megginson
94fdbccf4d Initial official build for 9.3/8.9 - new role postgresql
fingerprint in config files managed by roles
Resolves:rhbz#2185062

ha_cluster - Add possibility to load SBD watchdog kernel modules
Resolves:rhbz#2185067

ha_cluster - support for resource and operation defaults
Resolves:rhbz#2185065

postgresql - [RFE] system role for PostgreSQL management
Resolves:rhbz#2151373

rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-9.3.0]
Resolves:rhbz#2179026

ha_cluster - use pcs to setup qdevice certificates if available
Resolves:rhbz#2185066

spec: Remove doc fragments from vendored modules
Resolves:rhbz#2185002

use ansible-galaxy collection build/install instead of tar
Resolves:rhbz#2175324

rhc - RHC system role: activation key registration fails if system is already registered
Resolves:rhbz#2186218

selinux - failing test - sshd/tests_firewall_selinux.yml - No package matching 'firewalld' found available, installed or updated
Resolves:rhbz#2190501
2023-05-04 07:52:00 -06:00
Rich Megginson
b3d9ac7c21 rhc - New Role - Red Hat subscription management, insights management
rhc - New Role - Red Hat subscription management, insights management
Resolves:rhbz#2141330
2023-03-16 18:40:15 -06:00
Rich Megginson
1c7276f10a remove rhc role for now
Resolves:rhbz#2141330 : rhc - new role for subscription management/registration/insights
remove role until https://bugzilla.redhat.com/show_bug.cgi?id=2171829 is fixed
2023-02-27 12:02:13 -07:00
Rich Megginson
a742d407f4 network - RedHat Role rhel-system-roles.network should route traffic via correct bond
network - RedHat Role rhel-system-roles.network should route traffic via correct bond
Resolves:rhbz#2168735
2023-02-20 10:36:05 -07:00
Rich Megginson
0d789e9ce6 rhc - vendor in modules; ha_cluster - stonith watchdog
rhc - new role for subscription management/registration/insights
Resolves:rhbz#2141330

ha_cluster - Fix stonith watchdog timeout
Resolves:rhbz#2167528
2023-02-16 10:41:02 -07:00
Rich Megginson
cabddb158e New role rhc; fix ad_integration network DNS issue
rhc - new role for subscription management/registration/insights
Resolves:rhbz#2141330

ad_integration - fix issue with using the network role to configure DNS
2023-02-15 17:59:41 -07:00
Rich Megginson
9f4adf5a90 Fix selinux idempotency; fix nbde_server test problem
selinux - managing modules is not idempotent
Resolves:rhbz#2160152

fix nbde_server test problem
2023-02-09 18:31:03 -07:00
Rich Megginson
fbebdc0522 Add journald role; nbde_client fixes; selinux idempotency; storage and podman tests
journald - New role - journald - manage systemd-journald
Resolves:rhbz#2165175

nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
Resolves:rhbz#2162782

selinux - managing modules is not idempotent
Resolves:rhbz#2160152

fix storage tests_swap and tests_misc - swap size < 128GB on EL7
fix podman general-meta issue
2023-02-03 16:05:35 -07:00
Rich Megginson
ea1134c9da Sync with Fedora; network fact gathering
network - role should support running tests with ANSIBLE_GATHERING=explicit
Resolves:rhbz#2100559

Synchronize automation-related changes from Fedora spec file
Resolves:rhbz#2149678
2023-01-26 16:11:05 -07:00
Rich Megginson
33ef5a3554 ha_cluster updates; community.general 6.2.0; community.general fixup for rhc
ha_cluster - Allow quorum device configuration
Resolves:rhbz#2140804

ha_cluster - Allow enabled SBD on disabled cluster
Resolves:rhbz#2153030

ha_cluster - use no_log in tasks looping over pot. secret parameters
Resolves:rhbz#2143816

community.general 6.2.0

replace community.general with namespace.name for rhc role
2023-01-13 08:39:57 -07:00
Rich Megginson
bae56b6fff storage package update
storage - [RHEL9]  ansible.parsing.yaml.objects.AnsibleUnicode object' has no attribute 'bytes'
Resolves:rhbz#2143246

storage - [RHEL9] disks_needed need to be set for the raid test cases
Resolves:rhbz#2128467

storage - [RHEL9 system role]  storage role vdo tests failed about  "VDO deduplication is off but it should not"
Resolves:rhbz#2123594

storage - [RHEL9] tests_create_thinp_then_remove_scsi_generated.yml failed at "assertion": "(storage_test_expected_size|int - storage_test_actual_size.bytes)|abs / storage_test_expected_size|int < 0.01"
Resolves:rhbz#2153660
2022-12-16 18:51:15 -07:00
Rich Megginson
0621b174f7 tlog update
tlog - Unconditionally enable the files provider
Resolves:rhbz#2153043
2022-12-15 10:35:21 -07:00
Rich Megginson
78984f79cc logging update to fix tests
logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357
2022-12-13 17:52:26 -07:00
Rich Megginson
859c62e8ac updates for firewall, ha_cluster, network, podman
ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role
Resolves:rhbz#2130010

network - Support cloned MAC address
Resolves:rhbz#2143768

podman - [RFE] role for managing podman containers and systemd
Resolves:rhbz#2143427
2022-12-12 16:11:59 -07:00
Rich Megginson
67796884eb ad_integration - new role
ad_integration - [RFE] new role to support AD integration, join to AD domain
Resolves:rhbz#2140795
2022-12-06 15:04:02 -07:00