Commit Graph

204 Commits

Author SHA1 Message Date
Rich Megginson
4aee3a6cf3 logging_purge_conf fix; kernel_settings ansible_managed fix; vpn_ipaddr fix - sources and .gitignore
sources and .gitignore

vpn - use custom vpn_ipaddr filter to make role work on RHEL 8.6 with ansible-core
this is covered by "make roles work with ansible-core on all platforms" BZ

logging - Logging role "logging_purge_confs" option not properly working
Resolves: rhbz#2039106

kernel_settings role should use ansible_managed in its configuration file
Resolves: rhbz#2047506

(cherry picked from commit 585bf2b1d94e1e6e14af4451d21652da3c2cd542)
2022-02-01 08:27:51 -07:00
Rich Megginson
38a41c08a0 logging_purge_conf fix; kernel_settings ansible_managed fix; vpn_ipaddr fix
vpn - use custom vpn_ipaddr filter to make role work on RHEL 8.6 with ansible-core
  this is covered by "make roles work with ansible-core on all platforms" BZ

logging - Logging role "logging_purge_confs" option not properly working
Resolves: rhbz#2039106

kernel_settings role should use ansible_managed in its configuration file
Resolves: rhbz#2047506

(cherry picked from commit 136a75679287eb30dc043cee5a59190b10c1e478)
2022-02-01 08:27:37 -07:00
Fedora Release Engineering
29d1488c2c - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

Resolves: rhbz#2012298

(cherry picked from commit ba4d2bce257205a01aee4a856be145c4936b45f7)
2022-02-01 08:27:28 -07:00
Miro Hrončok
6576f9aa9c Use PEP 503 names for BuildRequires, but maintain EPEL 8 compatibility
Since Fedora 33, we generate both python3dist(foo.bar) and python3dist(foo-bar)
provides, but we'd like to follow PEP 503 and use only the names with dash.

By using the %py3_dist macro, this remains compatible with EPEL 8

Resolves: rhbz#2012298

(cherry picked from commit 2406e1f14815924cd65b4fdc3cf10c290f206a70)
2022-02-01 08:27:17 -07:00
Richard Megginson
679e17907b add cockpit, firewall; ansible 2.12 support; many more enhancements, fixes 2021-12-09 18:51:08 +00:00
Sergei Petrosian
1626695f4f Change PFSL to Python because rpmspec uses Python abbreviation
Related: rhbz#2006076
2021-10-26 17:38:37 +02:00
Sergei Petrosian
f8c6c6d6e8 Rebase to latest upstream
- Support ansible-core and improve roles:
- selinux: Add support for Rocky Linux 8, fix
ansible_distribution_major_version
  - timesync: Support ansible-core, use ansible_managed | comment
  - kdump: Support ansible-core, use ansible_managed | comment
- network: Support ansible-core; deprecate RHEL 9 in readme; validate
that ipv6_disabled is conflicting with other settings; specify PCI
address to configure profile - adds match and path settings)
- storage: Support ansible-core, add skip checks feature to speed up
the tests
- logging: Support ansible-core, add the `uid` option for
elasticsearch, improve performance, use ansible_manged | comment
  Resolves: rhbz#1990490 (EL9)
  - ssh: Use ansible_manged | comment
  - sshd: Use ansible_managed | comment
  - ha_cluster: Support ansible-core, fix password_hash salt length
- vpn: Support ansible-core, use wait_for_connection instead of
wait_for with ssh
  - ansible_managed | comment BZs:
    Resolves: rhbz#2006230 (EL9)
- untar the collection tarballs and copy the files
- Add vendoring code for rhel / centos
  - selinux: selinux, seboolean, seport, selogin, sefcontext
  - storage: mount
  - vpn: ipaddr
  Resolves: rhbz#2006076 (EL9)
2021-10-26 13:06:59 +02:00
Rich Megginson
d16afec0fa selinux - some tests give USER_AVC denied errors
selinux tests_selinux_disabled.yml gives USER_AVC errors, so
add the tag so this test will be skipped by basic smoke test.
Resolves: rhbz#1996315 (EL9)

(cherry picked from commit ebbd49b04d5dced636177d56729fdc50d3a06df5)
2021-08-26 08:38:49 -06:00
Rich Megginson
d1ef6e6cb9 storage - revert dm-vdo workaround
sources and .gitignore

storage - revert the dm-vdo workaround fix for vdo testing
Resolves: rhbz#1978488 (EL9)

(cherry picked from commit b29d680632243def5f060b223bfacf699c89be70)
2021-08-26 08:22:55 -06:00
Rich Megginson
58873d92ff storage - revert dm-vdo workaround
storage - revert the dm-vdo workaround fix for vdo testing
Resolves: rhbz#1978488 (EL9)

(cherry picked from commit 28f40e09cc1c5a947c9dfa0cd6fa32abc725cccf)
2021-08-26 08:22:51 -06:00
Rich Megginson
947b1122b4 logging - Update the certificates copy tasks - sources and .gitignore
logging - Update the certificates copy tasks
Resolves: rhbz#1996777 (EL9)

(cherry picked from commit aa1f94b1aba1ce0d1556589c7cd0789ca044184d)
2021-08-25 09:34:09 -06:00
Rich Megginson
725e899f60 logging - Update the certificates copy tasks
logging - Update the certificates copy tasks
Resolves: rhbz#1996777 (EL9)

(cherry picked from commit e2562c34964f843495769cbbdc7f8f9c24615c5c)
2021-08-25 09:33:07 -06:00
Rich Megginson
818c68af35 metrics - the bpftrace role does not properly configure bpftrace agent
sources and .gitignore

metrics - the bpftrace role does not properly configure bpftrace agent
Resolves: rhbz#1994180 (EL9)

(cherry picked from commit f4ad485043ea038067343afb52edcad09b732b89)
2021-08-18 17:14:48 -06:00
Rich Megginson
328e881079 the bpftrace role does not properly configure bpftrace agent
metrics - the bpftrace role does not properly configure bpftrace agent
Resolves: rhbz#1994180 (EL9)

(cherry picked from commit 06ff97e58da3aff305ebea0ab34b9c55452eb031)
2021-08-18 17:14:23 -06:00
Rich Megginson
af8f9dcc95 drop support for ansible 2.8; fix sshd el6 bug
sources and .gitignore

drop support for Ansible 2.8 - min_ansible_version is now 2.9
Resolves: rhbz#1989197 (EL9)

sshd - fix rhel6 support - failed to validate: error:Missing Match criteria for all Bad Match condition
Resolves: rhbz#1991598 (EL9)

(cherry picked from commit 7f1d328ac5783bda4c070aa2b68bd5905f6db05c)
2021-08-18 17:11:24 -06:00
Rich Megginson
52c415a1da drop support for ansible 2.8; fix sshd el6 bug
drop support for Ansible 2.8 - min_ansible_version is now 2.9
Resolves: rhbz#1989197 (EL9)

sshd - fix rhel6 support - failed to validate: error:Missing Match criteria for all Bad Match condition
Resolves: rhbz#1991598 (EL9)

(cherry picked from commit 86144623e53d9187029d9e82fdc65872322c64d8)
2021-08-18 17:11:05 -06:00
Rich Megginson
ce769979cf storage - dm-vdo not found; tests_lvm_errors syntax errors
sources and .gitignore

storage - tests_create_lvmvdo_then_remove fails - Module dm-vdo not found
Resolves: rhbz#1991062 (EL9)

storage - Get syntax errors in tests_lvm_errors.yml
Resolves: rhbz#1991142 (EL9)

(cherry picked from commit e740774d321bbfee57d0c8bb5a46ecb6ef0a95af)
2021-08-18 17:08:21 -06:00
Rich Megginson
7089e62386 storage - dm-vdo not found; tests_lvm_errors syntax errors
storage - tests_create_lvmvdo_then_remove fails - Module dm-vdo not found
Resolves: rhbz#1991062 (EL9)

storage - Get syntax errors in tests_lvm_errors.yml
Resolves: rhbz#1991142 (EL9)

(cherry picked from commit a85ede7da4af74da633c2c03a5ebadd3f55246a3)
2021-08-18 17:07:43 -06:00
Mohan Boddu
19c90202d1 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:37:46 +00:00
Rich Megginson
92471d9a8f logging, cert - use tar; logging - server_host; logging - py crypto
sources and .gitignore

logging, certificate - Instead of the archive module, use "tar" command for backup.
Resolves: rhbz#1984182 (EL9)

logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)

logging - tests_relp.yml; Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6)
Resolves: rhbz#1989962 (EL9)

(cherry picked from commit 8daf3a42b881852c5d4e75f8255b31dfdc4421d1)
2021-08-08 11:27:22 -06:00
Rich Megginson
5975a6072b logging, cert - use tar; logging - server_host; logging - py crypto
logging, certificate - Instead of the archive module, use "tar" command for backup.
Resolves: rhbz#1984182 (EL9)

logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)

logging - tests_relp.yml; Can't detect any of the required Python libraries cryptography (>= 1.2.3) or PyOpenSSL (>= 0.6)
Resolves: rhbz#1989962 (EL9)

(cherry picked from commit 6e83ea827bef074f0d105e208da3b633bb9ae66e)
2021-08-08 11:26:20 -06:00
Rich Megginson
c44356213c metrics - Grafana dashboard not working after metrics role run unless services manually restarted
sources and .gitignore
Resolves: rhbz#1984150 (EL9)

(cherry picked from commit f30b3be9623c766d91c6f21fd9eea0f030e0d105)
2021-08-08 11:11:23 -06:00
Rich Megginson
5f3c7039f7 metrics - Grafana dashboard not working after metrics role run unless services manually restarted
Resolves: rhbz#1984150 (EL9)
(cherry picked from commit 882dfa0cd996125af2cbbf45ce474a78eae20e2a)
2021-08-08 11:09:57 -06:00
Rich Megginson
527507bc3b storage - tag tests that use NVME and SCSI - sources and .gitignore
storage - tag tests that use NVME and SCSI
Resolves: rhbz#1988573 (EL9)

(cherry picked from commit fba93165eeb50e0343963d0e7bb19b0f6af825ab)
2021-08-08 10:47:13 -06:00
Rich Megginson
73a32883a7 storage - tag tests that use NVME and SCSI
storage - tag tests that use NVME and SCSI
Resolves: rhbz#1988573 (EL9)

(cherry picked from commit a9197653408f2b61cbed4f3e265f5480ee05057a)
2021-08-08 10:45:37 -06:00
Rich Megginson
62941f0f74 disable the specname check
The package name is rhel-system-roles which does not match the
spec file name linux-system-roles.spec - so just disable that check
Resolves: rhbz#1990099
2021-08-06 07:55:24 -06:00
Rich Megginson
bf969a7c2a sshd - support for rhel9 managed hosts - sources and .gitignore
sshd - support for rhel9 managed hosts
Resolves: rhbz#1989221 (EL9)

(cherry picked from commit c5813f8f5e1ce3f1fecc69913fc7b365a8d996af)
2021-08-04 18:38:10 -06:00
Rich Megginson
e7f56a79dc sshd - support for rhel9 managed hosts
sshd - support for rhel9 managed hosts
Resolves: rhbz#1989221 (EL9)

(cherry picked from commit f988cf133f7775eb47c98bbfc73bff75f18c463c)
2021-08-04 18:37:14 -06:00
Rich Megginson
00294d4775 network - no initscripts on el9, restore resolv.conf - storage deadcode issue
fix network .diff files for new code

network - tests_provider_nm.yml fails with an error: Failure in test 'I can manage a veth interface with NM after I managed it with initscripts.
Resolves: rhbz#1935919

network - _initscripts tests fail because "No package network-scripts available."
Resolves: rhbz#1935916

network - Test tests_bond_initscripts.yml failed to create interface
Resolves: rhbz#1980870

storage - covscan error - DEADCODE - vdopool if create_vdo else parent
Resolves: rhbz#1985571 (EL9)

network - network: tests_bond_initscripts.yml leaves behind unusable resolv.conf in CI

(cherry picked from commit de826808619f4888b822ec834d0f04e445bd743c)
2021-08-04 18:28:54 -06:00
Rich Megginson
6fa0f73cd0 network - no initscripts on el9, restore resolv.conf - storage deadcode issue
sources and .gitignore

network - tests_provider_nm.yml fails with an error: Failure in test 'I can manage a veth interface with NM after I managed it with initscripts.
Resolves: rhbz#1935919

network - _initscripts tests fail because "No package network-scripts available."
Resolves: rhbz#1935916

network - Test tests_bond_initscripts.yml failed to create interface
Resolves: rhbz#1980870

storage - covscan error - DEADCODE - vdopool if create_vdo else parent
Resolves: rhbz#1985571 (EL9)

network - network: tests_bond_initscripts.yml leaves behind unusable resolv.conf in CI

(cherry picked from commit be27c4bdc4eced742a999ee12dbb6bc174cf21dc)
2021-08-04 18:27:47 -06:00
Rich Megginson
b8ce8fac79 network - no initscripts on el9, restore resolv.conf - storage deadcode issue
network - tests_provider_nm.yml fails with an error: Failure in test 'I can manage a veth interface with NM after I managed it with initscripts.
Resolves: rhbz#1935919

network - _initscripts tests fail because "No package network-scripts available."
Resolves: rhbz#1935916

network - Test tests_bond_initscripts.yml failed to create interface
Resolves: rhbz#1980870

storage - covscan error - DEADCODE - vdopool if create_vdo else parent
Resolves: rhbz#1985571 (EL9)

network - network: tests_bond_initscripts.yml leaves behind unusable resolv.conf in CI

(cherry picked from commit c9b7a0996d52394d7675d49ca40bb3041967eafc)
2021-08-04 18:26:27 -06:00
Rich Megginson
d833c892d7 Several fixes - network, certificate, logging, storage, kernel_settings
sources and .gitignore

network - Skip tests on RHEL9 that use hostapd
Resolves: rhbz#1945348
network - Fix the bond test on DHCP
certificate, logging - Use 'tar' command instead of archive module
Resolves: rhbz#1984182 (EL9)
kernel_settings - Disable bootloader testing on EL9
Resolves: rhbz#1944599
logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)
storage - Add support for percentage-based volume sizes
Resolves: rhbz#1984583 (EL9)
storage -storage_test_actual_size != storage_test_requested_size observed with tests_lvm_auto_size_cap.yml
2021-08-04 17:28:44 -06:00
Rich Megginson
e3b9317300 Several fixes - network, certificate, logging, storage, kernel_settings
network - Skip tests on RHEL9 that use hostapd
Resolves: rhbz#1945348
network - Fix the bond test on DHCP
certificate, logging - Use 'tar' command instead of archive module
Resolves: rhbz#1984182 (EL9)
kernel_settings - Disable bootloader testing on EL9
Resolves: rhbz#1944599
logging - Add a support for list value to server_host in the elasticsearch output
Resolves: rhbz#1986460 (EL9)
storage - Add support for percentage-based volume sizes
Resolves: rhbz#1984583 (EL9)
storage -storage_test_actual_size != storage_test_requested_size observed with tests_lvm_auto_size_cap.yml

(cherry picked from commit 597164e509ac52525191e73dbb1a74f8b1ed8b65)
2021-08-04 17:22:35 -06:00
Rich Megginson
15506c2e6b Error: device becoming unmanaged and pytest not reproducible in tests_integration_pytest.yml
.gitignore and sources

Resolves: rhbz#1985382 (EL9)

EPEL yum repository configuration for tests
Rebasing to latest picks up this fix see rhel7 bz1980439

connections: workaround DeprecationWarning for NM.SettingEthtool.set_feature()
Rebasing to latest picks up this fix

(cherry picked from commit 88167bdae5b04a5feafcec999fdcc0975e1a1219)
2021-08-04 17:09:04 -06:00
Rich Megginson
e166e3eeef Error: device becoming unmanaged and pytest not reproducible in tests_integration_pytest.yml
Resolves: rhbz#1985382 (EL9)

EPEL yum repository configuration for tests
Rebasing to latest picks up this fix see rhel7 bz1980439

connections: workaround DeprecationWarning for NM.SettingEthtool.set_feature()
Rebasing to latest picks up this fix

(cherry picked from commit a9d89f48d068dc32b7492bb3d8f63046d5d78e94)
2021-08-04 17:07:22 -06:00
Rich Megginson
d4c1cd435f ha_cluster - add pacemaker cluster properties configuration - sources and .gitignore
Resolves: rhbz#1982906 (EL9)
(cherry picked from commit d6c31985abe5a5428b8c833c5a7620192180988c)
2021-08-04 16:53:18 -06:00
Rich Megginson
f864d51f0f ha_cluster - add pacemaker cluster properties configuration
Resolves: rhbz#1982906 (EL9)
(cherry picked from commit f2813e8e7eeaf2630873cb47a2827a2d93659475)
2021-08-04 16:53:03 -06:00
Rich Megginson
b520497f16 crypto_policies - rename 'policy modules' to 'subpolicies' - sources and .gitignore
Resolves: rhbz#1982896 (EL9)
(cherry picked from commit 13af44c3868dc219a7600fe3f59228bbccff8ab6)
2021-08-04 16:48:36 -06:00
Rich Megginson
b5acd77e06 crypto_policies - rename 'policy modules' to 'subpolicies'
Resolves: rhbz#1982896 (EL9)
(cherry picked from commit 470be0e5cca5932d363a308837d93be280c5ce27)
2021-08-04 16:48:30 -06:00
Richard Megginson
bc37c741bf storage - relabel doesn't support - Fixed volume relabeling 2021-08-04 22:39:11 +00:00
Rich Megginson
e3fcdb94e5 network - fix idempotency; fix bond tests - sources and .gitignore
network - Re-running the network system role results in "changed: true" when nothing has actually changed
  Resolves: rhbz#1980871
network - Test tests_bond_initscripts.yml failed to create interface
  Resolves: rhbz#1980870

(cherry picked from commit a1ac57a77b3e22abbf2c76a2f6163633448e0d57)
2021-08-04 11:01:55 -06:00
Rich Megginson
d7652f9fa3 network - fix idempotency; fix bond tests
network - Re-running the network system role results in "changed: true" when nothing has actually changed
  Resolves: rhbz#1980871
network - Test tests_bond_initscripts.yml failed to create interface
  Resolves: rhbz#1980870

(cherry picked from commit 84faf297876c597a4232f699137b659ac18e11b5)
2021-08-04 11:01:27 -06:00
Rich Megginson
b21927587a storage - LVMVDO support - sources and .gitignore
Resolves: rhbz#1978488 EL9
(cherry picked from commit 4620521a4a729cb4cadd3d7b2cae703876192e38)
2021-07-09 09:55:27 -06:00
Rich Megginson
5faf6fb9aa storage - LVMVDO support
Resolves: rhbz#1978488 EL9
(cherry picked from commit f3ca7c32422fbccc661f1f2b416bfa667bb568cb)
2021-07-09 09:55:12 -06:00
Rich Megginson
dc73167cc9 update sources and .gitignore
ha_cluster - add pacemaker resources configuration
  Resolves: rhbz#1978726
ha_cluster - code cleanup
  Resolves: rhbz#1978731
Postfix RHEL system role README.md missing variables under the "Role Variables" section
  Resolves: rhbz#1978734
logging README.html examples are rendered incorrectly
  Resolves: rhbz#1978758
make postfix role idempotent - round 2
  Resolves: rhbz#1978760
selinux task for semanage says Fedora in name but also runs on RHEL/CentOS 8
  Resolves: rhbz#1978740
metrics role task to enable logging for targeted hosts not working
  Resolves: rhbz#1978746
network - Only show stderr_lines by default
  Resolves: rhbz#1978731
storage - LVMVDO support
  Resolves: rhbz#1978488
storage - fix several linter issues
  Resolves: rhbz#1978731
ssh - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
ssh - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
sshd - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - support for appending a snippet to configuration file
  Resolves: rhbz#1978752
timesync - add NTS support
  Resolves: rhbz#1978753
timesync - rebase to latest
  Resolves: rhbz#1978731
nbde_client - rebase to latest
  Resolves: rhbz#1978731

(cherry picked from commit a4eb732a237001cd33ce062ecbc297e9eb86e638)
2021-07-02 12:27:39 -06:00
Rich Megginson
d0f254216c Rebase to latest upstream; version tag instead of git commit hash
Use version tag in Source instead of commit hash where possible.
I think the network role prefers to do "proper" releases, and
auto-maintenance is untagged.

In addition, the following changes were made:

ha_cluster - add pacemaker resources configuration
  Resolves: rhbz#1978726
ha_cluster - code cleanup
  Resolves: rhbz#1978731
Postfix RHEL system role README.md missing variables under the "Role Variables" section
  Resolves: rhbz#1978734
logging README.html examples are rendered incorrectly
  Resolves: rhbz#1978758
make postfix role idempotent - round 2
  Resolves: rhbz#1978760
selinux task for semanage says Fedora in name but also runs on RHEL/CentOS 8
  Resolves: rhbz#1978740
metrics role task to enable logging for targeted hosts not working
  Resolves: rhbz#1978746
network - Only show stderr_lines by default
  Resolves: rhbz#1978731
storage - LVMVDO support
  Resolves: rhbz#1978488
storage - fix several linter issues
  Resolves: rhbz#1978731
ssh - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
ssh - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - Fix variable precedence when invoked through roles
  Resolves: rhbz#1978745
sshd - Update configuration options list for OpenSSH 8.6
  Resolves: rhbz#1978731
sshd - support for appending a snippet to configuration file
  Resolves: rhbz#1978752
timesync - add NTS support
  Resolves: rhbz#1978753
timesync - rebase to latest
  Resolves: rhbz#1978731
nbde_client - rebase to latest
  Resolves: rhbz#1978731

(cherry picked from commit f0ea5fbead7b5a519f329724497da850fd0f8ae9)
2021-07-02 12:27:22 -06:00
Sergei Petrosian
26408b8e57 Make the use of slashes in ansible_collection_files consistent
Resolves: rhbz#1978731

Make the ansible_collection_files macro defined in Fedora automatically
and in RHEL manually consistent - having slash at the end to clean
double-slashes from the code.

(cherry picked from commit f04c75a2c87a901d9e2b090010744234422e9336)
2021-07-02 12:26:09 -06:00
Sergei Petrosian
bca54c544b Naturalize urls
Resolves: rhbz#1978731

It is more natural to have no slash / at the end of the url definition,
and instead use / where the url is used

Fix the forgeorg15 url

(cherry picked from commit 7c7eb82eee1390e461c4118eaf84845c25ca5581)
2021-07-02 12:25:44 -06:00
Jakub Haruda
4633003ca6 Adding gating.yaml 2021-06-30 18:27:08 +02:00
Noriko Hosoi
e5a42a3758 Add EL 9 support for timesync and network
Resolves: rhbz#1952887

postfix: Use FQRN in README
  Resolves: rhbz#1958964
2021-06-16 15:34:51 -07:00