Commit Graph

100 Commits

Author SHA1 Message Date
Richard Megginson
679e17907b add cockpit, firewall; ansible 2.12 support; many more enhancements, fixes 2021-12-09 18:51:08 +00:00
Sergei Petrosian
1626695f4f Change PFSL to Python because rpmspec uses Python abbreviation
Related: rhbz#2006076
2021-10-26 17:38:37 +02:00
Sergei Petrosian
f8c6c6d6e8 Rebase to latest upstream
- Support ansible-core and improve roles:
- selinux: Add support for Rocky Linux 8, fix
ansible_distribution_major_version
  - timesync: Support ansible-core, use ansible_managed | comment
  - kdump: Support ansible-core, use ansible_managed | comment
- network: Support ansible-core; deprecate RHEL 9 in readme; validate
that ipv6_disabled is conflicting with other settings; specify PCI
address to configure profile - adds match and path settings)
- storage: Support ansible-core, add skip checks feature to speed up
the tests
- logging: Support ansible-core, add the `uid` option for
elasticsearch, improve performance, use ansible_manged | comment
  Resolves: rhbz#1990490 (EL9)
  - ssh: Use ansible_manged | comment
  - sshd: Use ansible_managed | comment
  - ha_cluster: Support ansible-core, fix password_hash salt length
- vpn: Support ansible-core, use wait_for_connection instead of
wait_for with ssh
  - ansible_managed | comment BZs:
    Resolves: rhbz#2006230 (EL9)
- untar the collection tarballs and copy the files
- Add vendoring code for rhel / centos
  - selinux: selinux, seboolean, seport, selogin, sefcontext
  - storage: mount
  - vpn: ipaddr
  Resolves: rhbz#2006076 (EL9)
2021-10-26 13:06:59 +02:00
Rich Megginson
d16afec0fa selinux - some tests give USER_AVC denied errors
selinux tests_selinux_disabled.yml gives USER_AVC errors, so
add the tag so this test will be skipped by basic smoke test.
Resolves: rhbz#1996315 (EL9)

(cherry picked from commit ebbd49b04d5dced636177d56729fdc50d3a06df5)
2021-08-26 08:38:49 -06:00
Rich Megginson
d1ef6e6cb9 storage - revert dm-vdo workaround
sources and .gitignore

storage - revert the dm-vdo workaround fix for vdo testing
Resolves: rhbz#1978488 (EL9)

(cherry picked from commit b29d680632243def5f060b223bfacf699c89be70)
2021-08-26 08:22:55 -06:00
Rich Megginson
58873d92ff storage - revert dm-vdo workaround
storage - revert the dm-vdo workaround fix for vdo testing
Resolves: rhbz#1978488 (EL9)

(cherry picked from commit 28f40e09cc1c5a947c9dfa0cd6fa32abc725cccf)
2021-08-26 08:22:51 -06:00
Rich Megginson
947b1122b4 logging - Update the certificates copy tasks - sources and .gitignore
logging - Update the certificates copy tasks
Resolves: rhbz#1996777 (EL9)

(cherry picked from commit aa1f94b1aba1ce0d1556589c7cd0789ca044184d)
2021-08-25 09:34:09 -06:00
Rich Megginson
725e899f60 logging - Update the certificates copy tasks
logging - Update the certificates copy tasks
Resolves: rhbz#1996777 (EL9)

(cherry picked from commit e2562c34964f843495769cbbdc7f8f9c24615c5c)
2021-08-25 09:33:07 -06:00
Rich Megginson
818c68af35 metrics - the bpftrace role does not properly configure bpftrace agent
sources and .gitignore

metrics - the bpftrace role does not properly configure bpftrace agent
Resolves: rhbz#1994180 (EL9)

(cherry picked from commit f4ad485043ea038067343afb52edcad09b732b89)
2021-08-18 17:14:48 -06:00
Rich Megginson
328e881079 the bpftrace role does not properly configure bpftrace agent
metrics - the bpftrace role does not properly configure bpftrace agent
Resolves: rhbz#1994180 (EL9)

(cherry picked from commit 06ff97e58da3aff305ebea0ab34b9c55452eb031)
2021-08-18 17:14:23 -06:00
Rich Megginson
af8f9dcc95 drop support for ansible 2.8; fix sshd el6 bug
sources and .gitignore

drop support for Ansible 2.8 - min_ansible_version is now 2.9
Resolves: rhbz#1989197 (EL9)

sshd - fix rhel6 support - failed to validate: error:Missing Match criteria for all Bad Match condition
Resolves: rhbz#1991598 (EL9)

(cherry picked from commit 7f1d328ac5783bda4c070aa2b68bd5905f6db05c)
2021-08-18 17:11:24 -06:00
Rich Megginson
52c415a1da drop support for ansible 2.8; fix sshd el6 bug
drop support for Ansible 2.8 - min_ansible_version is now 2.9
Resolves: rhbz#1989197 (EL9)

sshd - fix rhel6 support - failed to validate: error:Missing Match criteria for all Bad Match condition
Resolves: rhbz#1991598 (EL9)

(cherry picked from commit 86144623e53d9187029d9e82fdc65872322c64d8)
2021-08-18 17:11:05 -06:00
Rich Megginson
ce769979cf storage - dm-vdo not found; tests_lvm_errors syntax errors
sources and .gitignore

storage - tests_create_lvmvdo_then_remove fails - Module dm-vdo not found
Resolves: rhbz#1991062 (EL9)

storage - Get syntax errors in tests_lvm_errors.yml
Resolves: rhbz#1991142 (EL9)

(cherry picked from commit e740774d321bbfee57d0c8bb5a46ecb6ef0a95af)
2021-08-18 17:08:21 -06:00
Rich Megginson
7089e62386 storage - dm-vdo not found; tests_lvm_errors syntax errors
storage - tests_create_lvmvdo_then_remove fails - Module dm-vdo not found
Resolves: rhbz#1991062 (EL9)

storage - Get syntax errors in tests_lvm_errors.yml
Resolves: rhbz#1991142 (EL9)

(cherry picked from commit a85ede7da4af74da633c2c03a5ebadd3f55246a3)
2021-08-18 17:07:43 -06:00
Mohan Boddu
19c90202d1 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:37:46 +00:00
Rich Megginson
92471d9a8f logging, cert - use tar; logging - server_host; logging - py crypto
sources and .gitignore

logging, certificate - Instead of the archive module, use "tar" command for backup.
Resolves: rhbz#1984182 (EL9)

logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)

logging - tests_relp.yml; Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6)
Resolves: rhbz#1989962 (EL9)

(cherry picked from commit 8daf3a42b881852c5d4e75f8255b31dfdc4421d1)
2021-08-08 11:27:22 -06:00
Rich Megginson
5975a6072b logging, cert - use tar; logging - server_host; logging - py crypto
logging, certificate - Instead of the archive module, use "tar" command for backup.
Resolves: rhbz#1984182 (EL9)

logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)

logging - tests_relp.yml; Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6)
Resolves: rhbz#1989962 (EL9)

(cherry picked from commit 6e83ea827bef074f0d105e208da3b633bb9ae66e)
2021-08-08 11:26:20 -06:00
Rich Megginson
c44356213c metrics - Grafana dashboard not working after metrics role run unless services manually restarted
sources and .gitignore
Resolves: rhbz#1984150 (EL9)

(cherry picked from commit f30b3be9623c766d91c6f21fd9eea0f030e0d105)
2021-08-08 11:11:23 -06:00
Rich Megginson
5f3c7039f7 metrics - Grafana dashboard not working after metrics role run unless services manually restarted
Resolves: rhbz#1984150 (EL9)
(cherry picked from commit 882dfa0cd996125af2cbbf45ce474a78eae20e2a)
2021-08-08 11:09:57 -06:00
Rich Megginson
527507bc3b storage - tag tests that use NVME and SCSI - sources and .gitignore
storage - tag tests that use NVME and SCSI
Resolves: rhbz#1988573 (EL9)

(cherry picked from commit fba93165eeb50e0343963d0e7bb19b0f6af825ab)
2021-08-08 10:47:13 -06:00
Rich Megginson
73a32883a7 storage - tag tests that use NVME and SCSI
storage - tag tests that use NVME and SCSI
Resolves: rhbz#1988573 (EL9)

(cherry picked from commit a9197653408f2b61cbed4f3e265f5480ee05057a)
2021-08-08 10:45:37 -06:00
Rich Megginson
62941f0f74 disable the specname check
The package name is rhel-system-roles which does not match the
spec file name linux-system-roles.spec - so just disable that check
Resolves: rhbz#1990099
2021-08-06 07:55:24 -06:00
Rich Megginson
bf969a7c2a sshd - support for rhel9 managed hosts - sources and .gitignore
sshd - support for rhel9 managed hosts
Resolves: rhbz#1989221 (EL9)

(cherry picked from commit c5813f8f5e1ce3f1fecc69913fc7b365a8d996af)
2021-08-04 18:38:10 -06:00
Rich Megginson
e7f56a79dc sshd - support for rhel9 managed hosts
sshd - support for rhel9 managed hosts
Resolves: rhbz#1989221 (EL9)

(cherry picked from commit f988cf133f7775eb47c98bbfc73bff75f18c463c)
2021-08-04 18:37:14 -06:00
Rich Megginson
00294d4775 network - no initscripts on el9, restore resolv.conf - storage deadcode issue
fix network .diff files for new code

network - tests_provider_nm.yml fails with an error: Failure in test 'I can manage a veth interface with NM after I managed it with initscripts.
Resolves: rhbz#1935919

network - _initscripts tests fail because "No package network-scripts available."
Resolves: rhbz#1935916

network - Test tests_bond_initscripts.yml failed to create interface
Resolves: rhbz#1980870

storage - covscan error - DEADCODE - vdopool if create_vdo else parent
Resolves: rhbz#1985571 (EL9)

network - network: tests_bond_initscripts.yml leaves behind unusable resolv.conf in CI

(cherry picked from commit de826808619f4888b822ec834d0f04e445bd743c)
2021-08-04 18:28:54 -06:00
Rich Megginson
6fa0f73cd0 network - no initscripts on el9, restore resolv.conf - storage deadcode issue
sources and .gitignore

network - tests_provider_nm.yml fails with an error: Failure in test 'I can manage a veth interface with NM after I managed it with initscripts.
Resolves: rhbz#1935919

network - _initscripts tests fail because "No package network-scripts available."
Resolves: rhbz#1935916

network - Test tests_bond_initscripts.yml failed to create interface
Resolves: rhbz#1980870

storage - covscan error - DEADCODE - vdopool if create_vdo else parent
Resolves: rhbz#1985571 (EL9)

network - network: tests_bond_initscripts.yml leaves behind unusable resolv.conf in CI

(cherry picked from commit be27c4bdc4eced742a999ee12dbb6bc174cf21dc)
2021-08-04 18:27:47 -06:00
Rich Megginson
b8ce8fac79 network - no initscripts on el9, restore resolv.conf - storage deadcode issue
network - tests_provider_nm.yml fails with an error: Failure in test 'I can manage a veth interface with NM after I managed it with initscripts.
Resolves: rhbz#1935919

network - _initscripts tests fail because "No package network-scripts available."
Resolves: rhbz#1935916

network - Test tests_bond_initscripts.yml failed to create interface
Resolves: rhbz#1980870

storage - covscan error - DEADCODE - vdopool if create_vdo else parent
Resolves: rhbz#1985571 (EL9)

network - network: tests_bond_initscripts.yml leaves behind unusable resolv.conf in CI

(cherry picked from commit c9b7a0996d52394d7675d49ca40bb3041967eafc)
2021-08-04 18:26:27 -06:00
Rich Megginson
d833c892d7 Several fixes - network, certificate, logging, storage, kernel_settings
sources and .gitignore

network - Skip tests on RHEL9 that use hostapd
Resolves: rhbz#1945348
network - Fix the bond test on DHCP
certificate, logging - Use 'tar' command instead of archive module
Resolves: rhbz#1984182 (EL9)
kernel_settings - Disable bootloader testing on EL9
Resolves: rhbz#1944599
logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)
storage - Add support for percentage-based volume sizes
Resolves: rhbz#1984583 (EL9)
storage -storage_test_actual_size != storage_test_requested_size observed with tests_lvm_auto_size_cap.yml
2021-08-04 17:28:44 -06:00
Rich Megginson
e3b9317300 Several fixes - network, certificate, logging, storage, kernel_settings
network - Skip tests on RHEL9 that use hostapd
Resolves: rhbz#1945348
network - Fix the bond test on DHCP
certificate, logging - Use 'tar' command instead of archive module
Resolves: rhbz#1984182 (EL9)
kernel_settings - Disable bootloader testing on EL9
Resolves: rhbz#1944599
logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)
storage - Add support for percentage-based volume sizes
Resolves: rhbz#1984583 (EL9)
storage -storage_test_actual_size != storage_test_requested_size observed with tests_lvm_auto_size_cap.yml

(cherry picked from commit 597164e509ac52525191e73dbb1a74f8b1ed8b65)
2021-08-04 17:22:35 -06:00
Rich Megginson
15506c2e6b Error: device becoming unmanaged and pytest not reproducible in tests_integration_pytest.yml
.gitignore and sources

Resolves: rhbz#1985382 (EL9)

EPEL yum repository configuration for tests
Rebasing to latest picks up this fix see rhel7 bz1980439

connections: workaround DeprecationWarning for NM.SettingEthtool.set_feature()
Rebasing to latest picks up this fix

(cherry picked from commit 88167bdae5b04a5feafcec999fdcc0975e1a1219)
2021-08-04 17:09:04 -06:00
Rich Megginson
e166e3eeef Error: device becoming unmanaged and pytest not reproducible in tests_integration_pytest.yml
Resolves: rhbz#1985382 (EL9)

EPEL yum repository configuration for tests
Rebasing to latest picks up this fix see rhel7 bz1980439

connections: workaround DeprecationWarning for NM.SettingEthtool.set_feature()
Rebasing to latest picks up this fix

(cherry picked from commit a9d89f48d068dc32b7492bb3d8f63046d5d78e94)
2021-08-04 17:07:22 -06:00
Rich Megginson
d4c1cd435f ha_cluster - add pacemaker cluster properties configuration - sources and .gitignore
Resolves: rhbz#1982906 (EL9)
(cherry picked from commit d6c31985abe5a5428b8c833c5a7620192180988c)
2021-08-04 16:53:18 -06:00
Rich Megginson
f864d51f0f ha_cluster - add pacemaker cluster properties configuration
Resolves: rhbz#1982906 (EL9)
(cherry picked from commit f2813e8e7eeaf2630873cb47a2827a2d93659475)
2021-08-04 16:53:03 -06:00
Rich Megginson
b520497f16 crypto_policies - rename 'policy modules' to 'subpolicies' - sources and .gitignore
Resolves: rhbz#1982896 (EL9)
(cherry picked from commit 13af44c3868dc219a7600fe3f59228bbccff8ab6)
2021-08-04 16:48:36 -06:00
Rich Megginson
b5acd77e06 crypto_policies - rename 'policy modules' to 'subpolicies'
Resolves: rhbz#1982896 (EL9)
(cherry picked from commit 470be0e5cca5932d363a308837d93be280c5ce27)
2021-08-04 16:48:30 -06:00
Richard Megginson
bc37c741bf storage - relabel doesn't support - Fixed volume relabeling 2021-08-04 22:39:11 +00:00
Rich Megginson
e3fcdb94e5 network - fix idempotency; fix bond tests - sources and .gitignore
network - Re-running the network system role results in "changed: true" when nothing has actually changed
  Resolves: rhbz#1980871
network - Test tests_bond_initscripts.yml failed to create interface
  Resolves: rhbz#1980870

(cherry picked from commit a1ac57a77b3e22abbf2c76a2f6163633448e0d57)
2021-08-04 11:01:55 -06:00
Rich Megginson
d7652f9fa3 network - fix idempotency; fix bond tests
network - Re-running the network system role results in "changed: true" when nothing has actually changed
  Resolves: rhbz#1980871
network - Test tests_bond_initscripts.yml failed to create interface
  Resolves: rhbz#1980870

(cherry picked from commit 84faf297876c597a4232f699137b659ac18e11b5)
2021-08-04 11:01:27 -06:00
Rich Megginson
b21927587a storage - LVMVDO support - sources and .gitignore
Resolves: rhbz#1978488 EL9
(cherry picked from commit 4620521a4a729cb4cadd3d7b2cae703876192e38)
2021-07-09 09:55:27 -06:00
Rich Megginson
5faf6fb9aa storage - LVMVDO support
Resolves: rhbz#1978488 EL9
(cherry picked from commit f3ca7c32422fbccc661f1f2b416bfa667bb568cb)
2021-07-09 09:55:12 -06:00
Rich Megginson
dc73167cc9 update sources and .gitignore
ha_cluster - add pacemaker resources configuration
  Resolves: rhbz#1978726
ha_cluster - code cleanup
  Resolves: rhbz#1978731
Postfix RHEL system role README.md missing variables under the "Role Variables" section
  Resolves: rhbz#1978734
logging README.html examples are rendered incorrectly
  Resolves: rhbz#1978758
make postfix role idempotent - round 2
  Resolves: rhbz#1978760
selinux task for semanage says Fedora in name but also runs on RHEL/CentOS 8
  Resolves: rhbz#1978740
metrics role task to enable logging for targeted hosts not working
  Resolves: rhbz#1978746
network - Only show stderr_lines by default
  Resolves: rhbz#1978731
storage - LVMVDO support
  Resolves: rhbz#1978488
storage - fix several linter issues
  Resolves: rhbz#1978731
ssh - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
ssh - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
sshd - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - support for appending a snippet to configuration file
  Resolves: rhbz#1978752
timesync - add NTS support
  Resolves: rhbz#1978753
timesync - rebase to latest
  Resolves: rhbz#1978731
nbde_client - rebase to latest
  Resolves: rhbz#1978731

(cherry picked from commit a4eb732a237001cd33ce062ecbc297e9eb86e638)
2021-07-02 12:27:39 -06:00
Rich Megginson
d0f254216c Rebase to latest upstream; version tag instead of git commit hash
Use version tag in Source instead of commit hash where possible.
I think the network role prefers to do "proper" releases, and
auto-maintenance is untagged.

In addition, the following changes were made:

ha_cluster - add pacemaker resources configuration
  Resolves: rhbz#1978726
ha_cluster - code cleanup
  Resolves: rhbz#1978731
Postfix RHEL system role README.md missing variables under the "Role Variables" section
  Resolves: rhbz#1978734
logging README.html examples are rendered incorrectly
  Resolves: rhbz#1978758
make postfix role idempotent - round 2
  Resolves: rhbz#1978760
selinux task for semanage says Fedora in name but also runs on RHEL/CentOS 8
  Resolves: rhbz#1978740
metrics role task to enable logging for targeted hosts not working
  Resolves: rhbz#1978746
network - Only show stderr_lines by default
  Resolves: rhbz#1978731
storage - LVMVDO support
  Resolves: rhbz#1978488
storage - fix several linter issues
  Resolves: rhbz#1978731
ssh - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
ssh - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
sshd - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - support for appending a snippet to configuration file
  Resolves: rhbz#1978752
timesync - add NTS support
  Resolves: rhbz#1978753
timesync - rebase to latest
  Resolves: rhbz#1978731
nbde_client - rebase to latest
  Resolves: rhbz#1978731

(cherry picked from commit f0ea5fbead7b5a519f329724497da850fd0f8ae9)
2021-07-02 12:27:22 -06:00
Sergei Petrosian
26408b8e57 Make the use of slashes in ansible_collection_files consistent
Resolves: rhbz#1978731

Make the ansible_collection_files macro defined in Fedora automatically
and in RHEL manually consistent - having slash at the end to clean
double-slashes from the code.

(cherry picked from commit f04c75a2c87a901d9e2b090010744234422e9336)
2021-07-02 12:26:09 -06:00
Sergei Petrosian
bca54c544b Naturalize urls
Resolves: rhbz#1978731

It is more natural to have no slash / at the end of the url definition,
and instead use / where the url is used

Fix the forgeorg15 url

(cherry picked from commit 7c7eb82eee1390e461c4118eaf84845c25ca5581)
2021-07-02 12:25:44 -06:00
Jakub Haruda
4633003ca6 Adding gating.yaml 2021-06-30 18:27:08 +02:00
Noriko Hosoi
e5a42a3758 Add EL 9 support for timesync and network
Resolves: rhbz#1952887

postfix: Use FQRN in README
  Resolves: rhbz#1958964
2021-06-16 15:34:51 -07:00
Noriko Hosoi
5645c1f150 Update system roles for RHEL7 (1970165)
Avoid dynamically using the license macro since the license macro
  is replaced with the value of License directive in the older rpmbuild.
Needs to list excluded files in this hardcoded style since when
  format_item_for_files is executed, brp-python-bytecompile is not
  executed yet.

Resolves: rhbz#1961404
2021-06-16 15:08:30 -07:00
Rich Megginson
b3d4ab2c64 sources - Fix HTML rendering of internal links when using pandoc/asciidoc
Uses pandoc gfm instead of markdown_github (1962976)

Related: rhbz#1961404
2021-06-16 15:07:57 -07:00
Rich Megginson
f940749309 Fix HTML rendering of internal links when using pandoc/asciidoc
Uses pandoc gfm instead of markdown_github (1962976)

Related: rhbz#1961404
2021-06-16 15:03:37 -07:00
Noriko Hosoi
533ad2c992 Make spec file available for older versions of OSes. (1970165)
Drop python3-six dependency which was used by lsr_role2collection.py.
Drop html files from rpm if the version has no markdown parser.
Drop unnecessary python scripts which include python3 only code, e.g.,
  f-strings.

  Resolves: rhbz#1961404
2021-06-11 13:34:52 -07:00