journald - New role - journald - manage systemd-journald
Resolves:rhbz#2165175
nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
Resolves:rhbz#2162782
selinux - managing modules is not idempotent
Resolves:rhbz#2160152
fix storage tests_swap and tests_misc - swap size < 128GB on EL7
fix podman general-meta issue
network - role should support running tests with ANSIBLE_GATHERING=explicit
Resolves:rhbz#2100559
Synchronize automation-related changes from Fedora spec file
Resolves:rhbz#2149678
ha_cluster - Allow quorum device configuration
Resolves:rhbz#2140804
ha_cluster - Allow enabled SBD on disabled cluster
Resolves:rhbz#2153030
ha_cluster - use no_log in tasks looping over pot. secret parameters
Resolves:rhbz#2143816
community.general 6.2.0
replace community.general with namespace.name for rhc role
storage - [RHEL9] ansible.parsing.yaml.objects.AnsibleUnicode object' has no attribute 'bytes'
Resolves:rhbz#2143246
storage - [RHEL9] disks_needed need to be set for the raid test cases
Resolves:rhbz#2128467
storage - [RHEL9 system role] storage role vdo tests failed about "VDO deduplication is off but it should not"
Resolves:rhbz#2123594
storage - [RHEL9] tests_create_thinp_then_remove_scsi_generated.yml failed at "assertion": "(storage_test_expected_size|int - storage_test_actual_size.bytes)|abs / storage_test_expected_size|int < 0.01"
Resolves:rhbz#2153660
ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role
Resolves:rhbz#2130010
network - Support cloned MAC address
Resolves:rhbz#2143768
podman - [RFE] role for managing podman containers and systemd
Resolves:rhbz#2143427
cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role
Resolves:rhbz#2137663
logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357
metrics - [RFE] convert metrics role to use firewall and selinux role
Resolves:rhbz#2133528
nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
Resolves:rhbz#2133930
postfix - [RFE] convert postfix role to use firewall and selinux role
Resolves:rhbz#2130329
vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
Resolves:rhbz#2119102
vpn - [RFE] convert vpn role to use firewall and selinux role
Resolves:rhbz#2130344
selinux - add support for the 'local' parameter
Resolves:rhbz#2128843
sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
Resolves:rhbz#2129401
ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles [rhel-9.2.0]
Resolves:rhbz#2130969
make network role support ansible-core 2.14
fix md to adoc to html conversion for vpn and ha_cluster
network - [RFE] Support setting the metric of the default route for initscripts provider
Resolves:rhbz#2134202
network - [RFE] Support the DNS priority
Resolves:rhbz#2133858
network - Support looking up named route table in routing rule
Resolves:rhbz#2131293
network - tests_bond_options_nm.yml failing, Cannot find device "nm-bond"
Resolves:rhbz#2123311
network - [RFE] Support setting the metric of the default route for initscripts provider
Resolves:rhbz#2134202
network - [RFE] Support the DNS priority
Resolves:rhbz#2133858
network - Support looking up named route table in routing rule
Resolves:rhbz#2131293
network - tests_bond_options_nm.yml failing, Cannot find device "nm-bond"
Resolves:rhbz#2123311
cockpit - Add customization of port
Resolves:rhbz#2115152
firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
Resolves:rhbz#2100942
firewall - support for firewall_config - gather firewall facts
Resolves:rhbz#2115154
logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
Resolves:rhbz#2112145
selinux - Added setting of seuser and selevel for completeness
Resolves:rhbz#2115157
nbde_client - Sets proper spacing for parameter rd.neednet=1
Resolves:rhbz#2115156
ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
Resolves:rhbz#2109998
storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
Resolves:rhbz#2082736
network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
Resolves:rhbz#2115886
cockpit - Add customization of port
Resolves:rhbz#2115152
firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
Resolves:rhbz#2100942
firewall - support for firewall_config - gather firewall facts
Resolves:rhbz#2115154
logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
Resolves:rhbz#2112145
selinux - Added setting of seuser and selevel for completeness
Resolves:rhbz#2115157
nbde_client - Sets proper spacing for parameter rd.neednet=1
Resolves:rhbz#2115156
ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
Resolves:rhbz#2109998
storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
Resolves:rhbz#2082736
network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
Resolves:rhbz#2115886
sources and .gitignore
[RHEL9] _storage_test_pool_pvs get wrong data type in test-verify-pool-members.yml
Resolves: rhbz#2044119
[RFE] [network] Support managing the network through nmstate schema
Resolves: rhbz#2072385
storage - support for adding/removing disks to/from storage pools
Resolves: rhbz#2072742
storage - support for attaching cache volumes to existing volumes
Resolves: rhbz#2072746
crypto_policies - rhel 8.7 default policy is FUTURE not DEFAULT
Resolves: rhbz#2100251
document minimum supported redis version required by rhel-system-roles
Resolves: rhbz#2100286
firewall - support add/modify/delete services
Resolves: rhbz#2100292
metrics - restart pmie, pmlogger if changed, do not wait for handler
Resolves: rhbz#2100294
forward_port should accept list of string or list of dict
Resolves: rhbz#2100605
[RHEL9] _storage_test_pool_pvs get wrong data type in test-verify-pool-members.yml
Resolves: rhbz#2044119
[RFE] [network] Support managing the network through nmstate schema
Resolves: rhbz#2072385
storage - support for adding/removing disks to/from storage pools
Resolves: rhbz#2072742
storage - support for attaching cache volumes to existing volumes
Resolves: rhbz#2072746
crypto_policies - rhel 8.7 default policy is FUTURE not DEFAULT
Resolves: rhbz#2100251
document minimum supported redis version required by rhel-system-roles
Resolves: rhbz#2100286
firewall - support add/modify/delete services
Resolves: rhbz#2100292
metrics - restart pmie, pmlogger if changed, do not wait for handler
Resolves: rhbz#2100294
forward_port should accept list of string or list of dict
Resolves: rhbz#2100605
sources and .gitignore
storage - support for creating and managing LVM thin pools/LVs
Resolves: rhbz#2072745 (9.1.0)
Update Ansible syntax in Firewall system role README.md file examples
Resolves: rhbz#2094096 (9.1.0)
storage role raid_level "striped" is not supported
Resolves: rhbz#2083410 (9.1.0)
network: the controller device is not completely cleaned up in the bond tests.
Resolves: rhbz#2089872 (9.1.0)
state no longer required for masquerade and ICMP block inversion
Resolves: rhbz#2093423 (9.1.0)
Move tasks that set up CI environment to roles tasks/ dir
Resolves: rhbz#2093438 (9.1.0)
storage - support for creating and managing LVM thin pools/LVs
Resolves: rhbz#2072745 (9.1.0)
Update Ansible syntax in Firewall system role README.md file examples
Resolves: rhbz#2094096 (9.1.0)
storage role raid_level "striped" is not supported
Resolves: rhbz#2083410 (9.1.0)
network: the controller device is not completely cleaned up in the bond tests.
Resolves: rhbz#2089872 (9.1.0)
state no longer required for masquerade and ICMP block inversion
Resolves: rhbz#2093423 (9.1.0)
Move tasks that set up CI environment to roles tasks/ dir
Resolves: rhbz#2093438 (9.1.0)
sources and .gitignore
[Improvement] Allow System Role to reset to default Firewalld Settings
Resolves: rhbz#2043010
[RFE] add an option to the metrics role to enable postfix metric collection
Resolves: rhbz#2051737
sshd system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
Resolves: rhbz#2052081
sshd system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9
Resolves: rhbz#2052086
logging tests fail during cleanup if no cloud-init on system
Resolves: rhbz#2058799
Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
Resolves: rhbz#2060523
timesync: basic-smoke test failure in timesync/tests_ntp.yml
Resolves: rhbz#2060524
kernel_settings error configobj not found on RHEL 8.6 managed hosts
Resolves: rhbz#2060525
Firewall system role Ansible deprecation warning related to "include"
Resolves: rhbz#2061511
ha_cluster - support advanced corosync configuration
Resolves: rhbz#2065337
network - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
Resolves: rhbz#2065382
Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-9.1.0]
Resolves: rhbz#2065383
metrics - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
Resolves: rhbz#2065392
postfix - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
Resolves: rhbz#2065393
bond: fix typo in supporting the infiniband ports in active-backup mode [rhel-9.1.0]
Resolves: rhbz#2065394
pytest failed when running with nm providers in the rhel-8.5 beaker machine [rhel-9.1.0]
Resolves: rhbz#2066911
NBDE client system role does not support servers with static IP addresses [rhel-9.1.0]
Resolves: rhbz#2070462
Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
Resolves: rhbz#2071804
ha_cluster - add support for configuring bundle resources
Resolves: rhbz#2073519
FIPS mode detection in SSHD role is wrong
Resolves: rhbz#2073605
Logging - RFE - support template, severity and facility options
Resolves: rhbz#2075119
All roles should support running with gather_facts: false
Resolves: rhbz#2078989
[RFE] Extend rhel-system-roles.network feature set to support routing rules
Resolves: rhbz#2079622
ha_cluster - support SBD fencing
Resolves: rhbz#2079626
RFE storage Less verbosity by default
Resolves: rhbz#2079627
storage role cannot set mount_options for volumes
Resolves: rhbz#2083376
Rework the infiniband support
Resolves: rhbz#2086965
[Improvement] Allow System Role to reset to default Firewalld Settings
Resolves: rhbz#2043010
[RFE] add an option to the metrics role to enable postfix metric collection
Resolves: rhbz#2051737
sshd system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
Resolves: rhbz#2052081
sshd system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9
Resolves: rhbz#2052086
logging tests fail during cleanup if no cloud-init on system
Resolves: rhbz#2058799
Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
Resolves: rhbz#2060523
timesync: basic-smoke test failure in timesync/tests_ntp.yml
Resolves: rhbz#2060524
kernel_settings error configobj not found on RHEL 8.6 managed hosts
Resolves: rhbz#2060525
Firewall system role Ansible deprecation warning related to "include"
Resolves: rhbz#2061511
ha_cluster - support advanced corosync configuration
Resolves: rhbz#2065337
network - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
Resolves: rhbz#2065382
Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-9.1.0]
Resolves: rhbz#2065383
metrics - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
Resolves: rhbz#2065392
postfix - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
Resolves: rhbz#2065393
bond: fix typo in supporting the infiniband ports in active-backup mode [rhel-9.1.0]
Resolves: rhbz#2065394
pytest failed when running with nm providers in the rhel-8.5 beaker machine [rhel-9.1.0]
Resolves: rhbz#2066911
NBDE client system role does not support servers with static IP addresses [rhel-9.1.0]
Resolves: rhbz#2070462
Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
Resolves: rhbz#2071804
ha_cluster - add support for configuring bundle resources
Resolves: rhbz#2073519
FIPS mode detection in SSHD role is wrong
Resolves: rhbz#2073605
Logging - RFE - support template, severity and facility options
Resolves: rhbz#2075119
All roles should support running with gather_facts: false
Resolves: rhbz#2078989
[RFE] Extend rhel-system-roles.network feature set to support routing rules
Resolves: rhbz#2079622
ha_cluster - support SBD fencing
Resolves: rhbz#2079626
RFE storage Less verbosity by default
Resolves: rhbz#2079627
storage role cannot set mount_options for volumes
Resolves: rhbz#2083376
Rework the infiniband support
Resolves: rhbz#2086965
sources and .gitignore
kernel_settings error configobj not found on RHEL 8.6 managed hosts
Resolves: rhbz#2060525 (EL9)
timesync: basic-smoke test failure in timesync/tests_ntp.yml
Resolves: rhbz#2060524 (EL9)
(cherry picked from commit 988f534df1b62224443d886c82886190c17060b4)
(cherry picked from commit 0b12f67bdad976eae0a579941c57c78e7e884d25)
kernel_settings error configobj not found on RHEL 8.6 managed hosts
Resolves: rhbz#2060525 (EL9)
timesync: basic-smoke test failure in timesync/tests_ntp.yml
Resolves: rhbz#2060524 (EL9)
(cherry picked from commit 6065b77481477ecc55f9af6638ec783cbadd1c87)
(cherry picked from commit 2575704e8a8cf17f3bff4c1c4c2dff0df48d1669)
sources and .gitignore
firewall - ensure target changes take effect immediately
Resolves: rhbz#2057164 (EL9)
firewall - Firewall RHEL System Role should be able to set default zone
Resolves: rhbz#2022461 (EL9)
network - tests_802_1x_nm, tests_802_1x_updated_nm fails because of missing hostapd in EPEL
Resolves: rhbz#2053861 (EL9)
(cherry picked from commit 777e931108d31a5d8e5af5b0963317acab3905d2)
firewall - ensure target changes take effect immediately
Resolves: rhbz#2057164 (EL9)
firewall - Firewall RHEL System Role should be able to set default zone
Resolves: rhbz#2022461 (EL9)
network - tests_802_1x_nm, tests_802_1x_updated_nm fails because of missing hostapd in EPEL
Resolves: rhbz#2053861 (EL9)
(cherry picked from commit 0b47c4621d3a2e385463729f41aabb0f12c0805f)
sources and .gitignore
ha_cluster - set permissions for haclient group
Resolves: rhbz#2049754 (EL9)
network - Add more bonding options to rhel-system-roles.network
Resolves: rhbz#2054435 (EL9)
network - Fix or remove failing test tests_switch_provider_RHEL9. No package network-scripts available.
Resolves: rhbz#2050362 (EL9)
certificate - should consistently use ansible_managed in hook scripts
Resolves: rhbz#2054368 (EL9)
tlog - consistently use ansible_managed in configuration files managed by role
Resolves: rhbz#2054367 (EL9)
vpn - consistently use ansible_managed in configuration files managed by role
Resolves: rhbz#2054369 (EL9)
ha_cluster - set permissions for haclient group
Resolves: rhbz#2049754 (EL9)
network - Add more bonding options to rhel-system-roles.network
Resolves: rhbz#2054435 (EL9)
network - Fix or remove failing test tests_switch_provider_RHEL9. No package network-scripts available.
Resolves: rhbz#2050362 (EL9)
certificate - should consistently use ansible_managed in hook scripts
Resolves: rhbz#2054368 (EL9)
tlog - consistently use ansible_managed in configuration files managed by role
Resolves: rhbz#2054367 (EL9)
vpn - consistently use ansible_managed in configuration files managed by role
Resolves: rhbz#2054369 (EL9)
(cherry picked from commit 5bc1032e7397cbdf1654c987d0bdfe1fb8ae247c)
sources and .gitignore
vpn - template error while templating string: no filter named 'vpn_ipaddr'
Resolves: rhbz#2050341 (EL9)
kdump - Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.
Resolves: rhbz#2050419 (EL9)
remove collection dependencies on rhel because we vendor them in
(cherry picked from commit ce975e9c62f2bdd2919f4e6f2edfe955e3a96652)
vpn - template error while templating string: no filter named 'vpn_ipaddr'
Resolves: rhbz#2050341 (EL9)
kdump - Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.
Resolves: rhbz#2050419 (EL9)
remove collection dependencies on rhel because we vendor them in
(cherry picked from commit 62325241126fc196a0de1b2ea9fbed8861497f3d)
sources and .gitignore
vpn - use custom vpn_ipaddr filter to make role work on RHEL 8.6 with ansible-core
this is covered by "make roles work with ansible-core on all platforms" BZ
logging - Logging role "logging_purge_confs" option not properly working
Resolves: rhbz#2039106
kernel_settings role should use ansible_managed in its configuration file
Resolves: rhbz#2047506
(cherry picked from commit 585bf2b1d94e1e6e14af4451d21652da3c2cd542)
vpn - use custom vpn_ipaddr filter to make role work on RHEL 8.6 with ansible-core
this is covered by "make roles work with ansible-core on all platforms" BZ
logging - Logging role "logging_purge_confs" option not properly working
Resolves: rhbz#2039106
kernel_settings role should use ansible_managed in its configuration file
Resolves: rhbz#2047506
(cherry picked from commit 136a75679287eb30dc043cee5a59190b10c1e478)
Since Fedora 33, we generate both python3dist(foo.bar) and python3dist(foo-bar)
provides, but we'd like to follow PEP 503 and use only the names with dash.
By using the %py3_dist macro, this remains compatible with EPEL 8
Resolves: rhbz#2012298
(cherry picked from commit 2406e1f14815924cd65b4fdc3cf10c290f206a70)
- Support ansible-core and improve roles:
- selinux: Add support for Rocky Linux 8, fix
ansible_distribution_major_version
- timesync: Support ansible-core, use ansible_managed | comment
- kdump: Support ansible-core, use ansible_managed | comment
- network: Support ansible-core; deprecate RHEL 9 in readme; validate
that ipv6_disabled is conflicting with other settings; specify PCI
address to configure profile - adds match and path settings)
- storage: Support ansible-core, add skip checks feature to speed up
the tests
- logging: Support ansible-core, add the `uid` option for
elasticsearch, improve performance, use ansible_manged | comment
Resolves: rhbz#1990490 (EL9)
- ssh: Use ansible_manged | comment
- sshd: Use ansible_managed | comment
- ha_cluster: Support ansible-core, fix password_hash salt length
- vpn: Support ansible-core, use wait_for_connection instead of
wait_for with ssh
- ansible_managed | comment BZs:
Resolves: rhbz#2006230 (EL9)
- untar the collection tarballs and copy the files
- Add vendoring code for rhel / centos
- selinux: selinux, seboolean, seport, selogin, sefcontext
- storage: mount
- vpn: ipaddr
Resolves: rhbz#2006076 (EL9)
selinux tests_selinux_disabled.yml gives USER_AVC errors, so
add the tag so this test will be skipped by basic smoke test.
Resolves: rhbz#1996315 (EL9)
(cherry picked from commit ebbd49b04d5dced636177d56729fdc50d3a06df5)
