Commit Graph

100 Commits

Author SHA1 Message Date
Rich Megginson
bea518c9cd system roles update 1.23.0-2.5
Resolves: RHEL-16336 - bootloader - Create bootloader role (MVP)
2024-01-15 15:12:10 -07:00
Rich Megginson
709df3b6b5 system roles update 1.23.0-2.4
Resolves: RHEL-3253 : RHEL for Edge support in system roles
  updated several roles with ostree improvements
  metrics role support
Resolves: RHEL-16541 : fapolicyd - feat: Import code for fapolicyd system role
  several role improvements
Resolves: RHEL-18026 : ha_cluster - fix: set sbd.service timeout based on SBD_START_DELAY
Resolves: RHEL-19046 : logging - fix: avoid conf of RatelimitBurst when RatelimitInterval is zero
Resolves: RHEL-13760 : metrics - [RFE] Metrics system role support for configuring PMIE webhooks
Resolves: RHEL-19241 : podman - fix: add no_log: true for tasks that can log secret data
Resolves: RHEL-18962 : postgresql - feat: enable using postgresql 16
Resolves: RHEL-16976 : rhc - rhc: support RHEL 7 managed nodes
Resolves: RHEL-19040 : selinux - fix: no longer use "item" as a loop variable
Resolves: RHEL-19043 : selinux - fix: Print an error message when module to be created doesn't exist
Resolves: RHEL-1535 : storage - Basic support for creating shared logical volumes
2023-12-12 15:01:24 -07:00
Rich Megginson
a2e3bb2669 System Roles update 1.23.0-2.3
Resolves: RHEL-17875
ha_cluster - high-availability firewall service is not added on qdevice node
2023-12-01 09:00:59 -07:00
Rich Megginson
d276fb22ac System Roles update 1.23.0-2.2
Resolves: RHEL-3253
RHEL for Edge support in system roles
vpn - fix issue with test cleanup
2023-11-30 18:14:20 -07:00
Rich Megginson
e24387006f System Roles update 1.23.0-2.1
Resolves: RHEL-3253
RHEL for Edge support in system roles
except for nbde_client, rhc, metrics

Resolves: RHEL-17668
ad_integration - feat: Add sssd custom settings

Resolves: RHEL-16541
fapolicyd - feat: Import code for fapolicyd system role

Resolves: RHEL-15910
ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository

Resolves: RHEL-15908
ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options

Resolves: RHEL-15876
ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology

Resolves: RHEL-3353
kdump - fix: retry read of kexec_crash_size

Resolves: RHEL-15932
logging - feat: Add support for the global config option preserveFQDN with a new logg…

Resolves: RHEL-15439
logging - feat: Add support for general queue and general action parameters

Resolves: RHEL-15037
logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size

Resolves: RHEL-13760
metrics - [RFE] Metrics system role support for configuring PMIE webhooks

Resolves: RHEL-1683
network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"

Resolves: RHEL-15870
selinux - fix: Use `ignore_selinux_state` module option

Resolves: RHEL-16212
storage - feat: Support for creating volumes without a FS
2023-11-30 14:05:59 -07:00
Sergei Petrosian
5542a97786 Update 1.23.0-2
- Resolves: RHEL-1118 ad_integration: Support for dynamic DNS Updates
  Update to a new version with fixed tests
2023-11-09 14:55:35 +01:00
Sergei Petrosian
60cb7be6dc Update 1.23.0-1
- Resolves: RHEL-5346 spec - Remove with_html, instead use built-in
.README.html
- Resolves: RHEL-5972 ansible-sshd - Manage SSH certificates
- rhbz#2223764: Remove ad_integration patch and use the latest
ad_integration
  version instead. Vendor community-general.ini_files for
- RHEL-1118: ad_integration: Support for dynamic DNS Updates
- Change link to open new issue in galaxy.yml from deprecated BZ to Jira
2023-10-27 12:43:12 +02:00
Rich Megginson
a0cc364663 second RC for 1.22.0 rhel 8.9 and 9.3
Resolves:rhbz#2232241
kdump - "Write new authorized_keys if needed" task idempotency issues

Resolves:rhbz#2232231
kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory

Resolves RHEL-1397
kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server

Resolves RHEL-1499
kdump - fix: Ensure authorized_keys management works with multiple hosts

Resolves:rhbz#2223764
firewall - fix: reload on resetting to defaults

Resolves RHEL-1495
firewall - fix: files: overwrite firewalld.conf on previous replaced

Resolves RHEL-1497
storage - fix: use stat.pw_name, stat.gr_name instead of owner, group

  sshd README remove upstream only docs
  first RC for 1.22.0 rhel 8.9 and 9.3
  fix firewall reload test gather facts
2023-08-21 14:00:39 -06:00
Rich Megginson
374357ec37 first RC candidate for 8.9/9.3 - 1.22.0-1
Resolves:rhbz#2223764 : firewall - fix: reload on resetting to defaults
sshd README remove upstream only docs
first RC for 1.22.0 rhel 8.9 and 9.3
2023-08-15 11:12:02 -06:00
Rich Megginson
05326c5f92 podman rootless quadlets, secrets
Resolves:rhbz#2179455
podman - support quadlet units
Fix rootless quadlets, secrets
2023-08-10 08:31:49 -06:00
Rich Megginson
83fcfac874 firewall ipset and tests
firewall - missing module in linux-system-roles.firewall to create an ipset
Resolves:rhbz#2229802
2023-08-09 17:15:48 -06:00
Rich Megginson
faabc68125 podman, firewall, rhc, kdump updates
firewall - fix: reload on resetting to defaults
Resolves:rhbz#2223764

podman - Podman system role:  Unable to use podman_registries_conf to set unqualified-search-registries
Resolves:rhbz#2211984

rhc - baseurl in rhsm.conf is empty when rhc_baseurl is not specified
Resolves:rhbz#2227821

kdump - use failure_action instead of default on EL9 and later
Resolves RHEL-906

firewall - Check mode fails with replacing previous rules
Resolves RHEL-898

firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9
Resolves RHEL-885

podman - use getsubids to look for subuid, subgid for IdM support
Resolves RHEL-865

podman - allow to not pull images, continue if image pull fails
Resolves RHEL-857
2023-08-02 06:53:15 -06:00
Rich Megginson
9442dd700b systemd role update
systemd - system role for managing systemd units
Resolves:rhbz#2224384
2023-07-26 07:26:51 -06:00
Rich Megginson
e349d4a003 keylime_server role
keylime_server - system role for managing keylime servers
Resolves:rhbz#2224385
2023-07-25 17:07:23 -06:00
Rich Megginson
9129607eee new role systemd; fix fact gathering; podman quadlet; others
firewall - should have option to disable conflicting services
Resolves:rhbz#2222761

podman - allow container networking configuration
Resolves:rhbz#2161712

podman - support for healthchecks and healthcheck actions
Resolves:rhbz#2179457

podman - support quadlet units
Resolves:rhbz#2179455

systemd - system role for managing systemd units
Resolves:rhbz#2224384

ALL - facts being gathered unnecessarily
Resolves:rhbz#2223032

certificate - rhel-system-roles.certificate does not re-issue after updating key_size
Resolves:rhbz#2224138

firewall - Check mode fails when creating new firewall service
Resolves:rhbz#2222428

storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation
Resolves:rhbz#2224090

firewall - when firewalld.service is masked, firewall role fails
Resolves:rhbz#2123859
2023-07-21 08:57:15 -06:00
Rich Megginson
0efeefa594 certificate and network
certificate - add mode parameter to change permissions for cert files
Resolves:rhbz#2180902

network - Support no-aaaa DNS option
Resolves:rhbz#2218592
2023-07-10 10:58:50 -06:00
Rich Megginson
92a5021ede storage test fix
storage - [RHEL8] Unexpected behavior when creating ext4 filesystem with invalid parameter
Resolves:rhbz#2213691
2023-07-09 17:47:52 -06:00
Rich Megginson
81d4e5f1c1 firewall, ssh
ssh - add ssh_backup option with default true
Resolves:rhbz#2216753

firewall - Don't install python(3)-firewall it's a dependency of firewalld
Resolves:rhbz#2216520
2023-06-23 08:39:32 -06:00
Rich Megginson
f33da7dfae storage resize
storage - Storage: mounted devices that are in use cannot be resized
Resolves:rhbz#2168692
2023-06-22 11:42:46 -06:00
Rich Megginson
e8f086ad49 kdump crashkernel
kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump
Resolves:rhbz#2211187
2023-06-20 13:00:50 -06:00
Rich Megginson
b6d3c8974e ad_integration - add ad_integration_force_rejoin
ad_integration - add ad_integration_force_rejoin
Resolves:rhbz#2186253
2023-06-07 19:51:13 -06:00
Rich Megginson
c185e917eb updates for network, rhc, selinux, storage
network - Support configuring auto-dns setting
Resolves:rhbz#2211194

rhc - implement rhc_proxy.scheme
Resolves:rhbz#2211748

selinux - use restorecon -T 0 on supported platforms
Resolves:rhbz#2179460

storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes
Resolves:rhbz#2181656

storage - [RHEL9]  Failed to commit changes to disk: Failed to format device: Input/output error
Resolves:rhbz#2210916
2023-06-06 16:54:09 -06:00
Rich Megginson
8a3fe12adc storage role update
storage - [RFE] user-specified mount point owner and permissions
Resolves:rhbz#2181657

storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size
Resolves:rhbz#2193058

storage - [RHEL9]  Failed to commit changes to disk: Failed to format device: Input/output error
Resolves:rhbz#2210916
2023-05-30 18:51:50 -06:00
Rich Megginson
17eff1975a updates for gather_facts, rhc insights tags, tlog proxy provider
rhc - system role does not apply Insights tags
Resolves:rhbz#2209200

tlog - use the proxy provider - the files provider is deprecated in sssd
Resolves:rhbz#2179458

roles should support running with gather_facts: false
Resolves:rhbz#2190502
2023-05-30 13:01:46 -06:00
Rich Megginson
94fdbccf4d Initial official build for 9.3/8.9 - new role postgresql
fingerprint in config files managed by roles
Resolves:rhbz#2185062

ha_cluster - Add possibility to load SBD watchdog kernel modules
Resolves:rhbz#2185067

ha_cluster - support for resource and operation defaults
Resolves:rhbz#2185065

postgresql - [RFE] system role for PostgreSQL management
Resolves:rhbz#2151373

rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-9.3.0]
Resolves:rhbz#2179026

ha_cluster - use pcs to setup qdevice certificates if available
Resolves:rhbz#2185066

spec: Remove doc fragments from vendored modules
Resolves:rhbz#2185002

use ansible-galaxy collection build/install instead of tar
Resolves:rhbz#2175324

rhc - RHC system role: activation key registration fails if system is already registered
Resolves:rhbz#2186218

selinux - failing test - sshd/tests_firewall_selinux.yml - No package matching 'firewalld' found available, installed or updated
Resolves:rhbz#2190501
2023-05-04 07:52:00 -06:00
Rich Megginson
b3d9ac7c21 rhc - New Role - Red Hat subscription management, insights management
rhc - New Role - Red Hat subscription management, insights management
Resolves:rhbz#2141330
2023-03-16 18:40:15 -06:00
Rich Megginson
a742d407f4 network - RedHat Role rhel-system-roles.network should route traffic via correct bond
network - RedHat Role rhel-system-roles.network should route traffic via correct bond
Resolves:rhbz#2168735
2023-02-20 10:36:05 -07:00
Rich Megginson
0d789e9ce6 rhc - vendor in modules; ha_cluster - stonith watchdog
rhc - new role for subscription management/registration/insights
Resolves:rhbz#2141330

ha_cluster - Fix stonith watchdog timeout
Resolves:rhbz#2167528
2023-02-16 10:41:02 -07:00
Rich Megginson
cabddb158e New role rhc; fix ad_integration network DNS issue
rhc - new role for subscription management/registration/insights
Resolves:rhbz#2141330

ad_integration - fix issue with using the network role to configure DNS
2023-02-15 17:59:41 -07:00
Rich Megginson
9f4adf5a90 Fix selinux idempotency; fix nbde_server test problem
selinux - managing modules is not idempotent
Resolves:rhbz#2160152

fix nbde_server test problem
2023-02-09 18:31:03 -07:00
Rich Megginson
fbebdc0522 Add journald role; nbde_client fixes; selinux idempotency; storage and podman tests
journald - New role - journald - manage systemd-journald
Resolves:rhbz#2165175

nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
Resolves:rhbz#2162782

selinux - managing modules is not idempotent
Resolves:rhbz#2160152

fix storage tests_swap and tests_misc - swap size < 128GB on EL7
fix podman general-meta issue
2023-02-03 16:05:35 -07:00
Rich Megginson
ea1134c9da Sync with Fedora; network fact gathering
network - role should support running tests with ANSIBLE_GATHERING=explicit
Resolves:rhbz#2100559

Synchronize automation-related changes from Fedora spec file
Resolves:rhbz#2149678
2023-01-26 16:11:05 -07:00
Rich Megginson
33ef5a3554 ha_cluster updates; community.general 6.2.0; community.general fixup for rhc
ha_cluster - Allow quorum device configuration
Resolves:rhbz#2140804

ha_cluster - Allow enabled SBD on disabled cluster
Resolves:rhbz#2153030

ha_cluster - use no_log in tasks looping over pot. secret parameters
Resolves:rhbz#2143816

community.general 6.2.0

replace community.general with namespace.name for rhc role
2023-01-13 08:39:57 -07:00
Rich Megginson
bae56b6fff storage package update
storage - [RHEL9]  ansible.parsing.yaml.objects.AnsibleUnicode object' has no attribute 'bytes'
Resolves:rhbz#2143246

storage - [RHEL9] disks_needed need to be set for the raid test cases
Resolves:rhbz#2128467

storage - [RHEL9 system role]  storage role vdo tests failed about  "VDO deduplication is off but it should not"
Resolves:rhbz#2123594

storage - [RHEL9] tests_create_thinp_then_remove_scsi_generated.yml failed at "assertion": "(storage_test_expected_size|int - storage_test_actual_size.bytes)|abs / storage_test_expected_size|int < 0.01"
Resolves:rhbz#2153660
2022-12-16 18:51:15 -07:00
Rich Megginson
0621b174f7 tlog update
tlog - Unconditionally enable the files provider
Resolves:rhbz#2153043
2022-12-15 10:35:21 -07:00
Rich Megginson
78984f79cc logging update to fix tests
logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357
2022-12-13 17:52:26 -07:00
Rich Megginson
859c62e8ac updates for firewall, ha_cluster, network, podman
ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role
Resolves:rhbz#2130010

network - Support cloned MAC address
Resolves:rhbz#2143768

podman - [RFE] role for managing podman containers and systemd
Resolves:rhbz#2143427
2022-12-12 16:11:59 -07:00
Rich Megginson
67796884eb ad_integration - new role
ad_integration - [RFE] new role to support AD integration, join to AD domain
Resolves:rhbz#2140795
2022-12-06 15:04:02 -07:00
Rich Megginson
2d2b6ec124 logging update to fix tests_relp
logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357
2022-12-05 12:56:07 -07:00
Rich Megginson
fa1e1b4eb0 nbde_client update
nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names
Resolves:rhbz#2126959
2022-12-05 09:31:38 -07:00
Rich Megginson
1bbeb1905f additional fixes for nbde_server role
nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
Resolves:rhbz#2133930
2022-11-29 18:28:41 -07:00
Rich Megginson
d559ac49cc use firewall, selinux, certificate roles in other system roles
cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role
Resolves:rhbz#2137663

logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357

metrics - [RFE] convert metrics role to use firewall and selinux role
Resolves:rhbz#2133528

nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
Resolves:rhbz#2133930

postfix - [RFE] convert postfix role to use firewall and selinux role
Resolves:rhbz#2130329

vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
Resolves:rhbz#2119102

vpn - [RFE] convert vpn role to use firewall and selinux role
Resolves:rhbz#2130344
2022-11-22 15:30:40 -07:00
Rich Megginson
ecbb91abc4 new role - podman
podman - [RFE] role for managing podman containers and systemd
Resolves:rhbz#2143427
2022-11-22 12:46:03 -07:00
Rich Megginson
f6f24d8216 selinux - local parameter; fix templating; ssh,sshd RequiredRSASize
selinux - add support for the 'local' parameter
Resolves:rhbz#2128843

sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
Resolves:rhbz#2129401

ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles [rhel-9.2.0]
Resolves:rhbz#2130969
2022-11-16 13:33:26 -07:00
Rich Megginson
96972c5408 network role changes for release 1.21.0 - part 2
make network role support ansible-core 2.14
fix md to adoc to html conversion for vpn and ha_cluster

network - [RFE] Support setting the metric of the default route for initscripts provider
Resolves:rhbz#2134202

network - [RFE] Support the DNS priority
Resolves:rhbz#2133858

network - Support looking up named route table in routing rule
Resolves:rhbz#2131293

network - tests_bond_options_nm.yml failing, Cannot find device "nm-bond"
Resolves:rhbz#2123311
2022-11-15 14:30:38 -07:00
Rich Megginson
611d1d3a0b network role changes for release 1.21.0
network - [RFE] Support setting the metric of the default route for initscripts provider
Resolves:rhbz#2134202

network - [RFE] Support the DNS priority
Resolves:rhbz#2133858

network - Support looking up named route table in routing rule
Resolves:rhbz#2131293

network - tests_bond_options_nm.yml failing, Cannot find device "nm-bond"
Resolves:rhbz#2123311
2022-11-08 15:38:08 -07:00
Rich Megginson
4e1fefa681 Support for CHANGELOG.md; features and fixes for cockpit, logging, firewalll, etc.
cockpit - Add customization of port
Resolves:rhbz#2115152

firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
Resolves:rhbz#2100942

firewall - support for firewall_config - gather firewall facts
Resolves:rhbz#2115154

logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
Resolves:rhbz#2112145

selinux - Added setting of seuser and selevel for completeness
Resolves:rhbz#2115157

nbde_client - Sets proper spacing for parameter rd.neednet=1
Resolves:rhbz#2115156

ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
Resolves:rhbz#2109998

storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
Resolves:rhbz#2082736

network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
Resolves:rhbz#2115886
2022-08-09 11:08:23 -06:00
Rich Megginson
4fa14cd469 min_ansible_version; ansible-core 2.13; fixes for several roles - sources and .gitignore
sources and .gitignore

[RHEL9] _storage_test_pool_pvs get wrong data type in  test-verify-pool-members.yml
Resolves: rhbz#2044119

[RFE] [network] Support managing the network through nmstate schema
Resolves: rhbz#2072385

storage - support for adding/removing disks to/from storage pools
Resolves: rhbz#2072742

storage - support for attaching cache volumes to existing volumes
Resolves: rhbz#2072746

crypto_policies - rhel 8.7 default policy is FUTURE not DEFAULT
Resolves: rhbz#2100251

document minimum supported redis version required by rhel-system-roles
Resolves: rhbz#2100286

firewall - support add/modify/delete services
Resolves: rhbz#2100292

metrics - restart pmie, pmlogger if changed, do not wait for handler
Resolves: rhbz#2100294

forward_port should accept list of string or list of dict
Resolves: rhbz#2100605
2022-07-01 11:33:36 -06:00
Rich Megginson
c8b609abd4 sshd - fix ansible 2.9 support in meta/main.yml
sshd - fix ansible 2.9 support in meta/main.yml
Resolves: rhbz#2052086 (9.1.0)
2022-06-15 18:41:42 -06:00
Rich Megginson
62b86a01a8 storage, logging, ha_cluster, sshd - minor issues - sources and .gitignore
sources and .gitignore

storage - fix coverity scan issue in blivet.py
Resolves: rhbz#2072745 (9.1.0)

logging - fix gather_facts/set_vars issue
Resolves: rhbz#2078989 (9.1.0)

ha_cluster - Move tasks that set up CI environment to roles tasks/ dir
Resolves: rhbz#2093438 (9.1.0)

sshd - fix tests issue with rhel9 hosts
2022-06-13 11:05:00 -06:00