Commit Graph

219 Commits

Author SHA1 Message Date
Rich Megginson
83fcfac874 firewall ipset and tests
firewall - missing module in linux-system-roles.firewall to create an ipset
Resolves:rhbz#2229802
2023-08-09 17:15:48 -06:00
Rich Megginson
faabc68125 podman, firewall, rhc, kdump updates
firewall - fix: reload on resetting to defaults
Resolves:rhbz#2223764

podman - Podman system role:  Unable to use podman_registries_conf to set unqualified-search-registries
Resolves:rhbz#2211984

rhc - baseurl in rhsm.conf is empty when rhc_baseurl is not specified
Resolves:rhbz#2227821

kdump - use failure_action instead of default on EL9 and later
Resolves RHEL-906

firewall - Check mode fails with replacing previous rules
Resolves RHEL-898

firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9
Resolves RHEL-885

podman - use getsubids to look for subuid, subgid for IdM support
Resolves RHEL-865

podman - allow to not pull images, continue if image pull fails
Resolves RHEL-857
2023-08-02 06:53:15 -06:00
Rich Megginson
9442dd700b systemd role update
systemd - system role for managing systemd units
Resolves:rhbz#2224384
2023-07-26 07:26:51 -06:00
Rich Megginson
e349d4a003 keylime_server role
keylime_server - system role for managing keylime servers
Resolves:rhbz#2224385
2023-07-25 17:07:23 -06:00
Rich Megginson
9129607eee new role systemd; fix fact gathering; podman quadlet; others
firewall - should have option to disable conflicting services
Resolves:rhbz#2222761

podman - allow container networking configuration
Resolves:rhbz#2161712

podman - support for healthchecks and healthcheck actions
Resolves:rhbz#2179457

podman - support quadlet units
Resolves:rhbz#2179455

systemd - system role for managing systemd units
Resolves:rhbz#2224384

ALL - facts being gathered unnecessarily
Resolves:rhbz#2223032

certificate - rhel-system-roles.certificate does not re-issue after updating key_size
Resolves:rhbz#2224138

firewall - Check mode fails when creating new firewall service
Resolves:rhbz#2222428

storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation
Resolves:rhbz#2224090

firewall - when firewalld.service is masked, firewall role fails
Resolves:rhbz#2123859
2023-07-21 08:57:15 -06:00
Rich Megginson
c8785aa8cd certificate and network
certificate - add mode parameter to change permissions for cert files
Resolves:rhbz#2180902

network - Support no-aaaa DNS option
Resolves:rhbz#2218592
2023-07-10 11:16:21 -06:00
Rich Megginson
0efeefa594 certificate and network
certificate - add mode parameter to change permissions for cert files
Resolves:rhbz#2180902

network - Support no-aaaa DNS option
Resolves:rhbz#2218592
2023-07-10 10:58:50 -06:00
Rich Megginson
92a5021ede storage test fix
storage - [RHEL8] Unexpected behavior when creating ext4 filesystem with invalid parameter
Resolves:rhbz#2213691
2023-07-09 17:47:52 -06:00
Rich Megginson
81d4e5f1c1 firewall, ssh
ssh - add ssh_backup option with default true
Resolves:rhbz#2216753

firewall - Don't install python(3)-firewall it's a dependency of firewalld
Resolves:rhbz#2216520
2023-06-23 08:39:32 -06:00
Rich Megginson
f33da7dfae storage resize
storage - Storage: mounted devices that are in use cannot be resized
Resolves:rhbz#2168692
2023-06-22 11:42:46 -06:00
Rich Megginson
e8f086ad49 kdump crashkernel
kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump
Resolves:rhbz#2211187
2023-06-20 13:00:50 -06:00
Rich Megginson
b6d3c8974e ad_integration - add ad_integration_force_rejoin
ad_integration - add ad_integration_force_rejoin
Resolves:rhbz#2186253
2023-06-07 19:51:13 -06:00
Rich Megginson
c185e917eb updates for network, rhc, selinux, storage
network - Support configuring auto-dns setting
Resolves:rhbz#2211194

rhc - implement rhc_proxy.scheme
Resolves:rhbz#2211748

selinux - use restorecon -T 0 on supported platforms
Resolves:rhbz#2179460

storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes
Resolves:rhbz#2181656

storage - [RHEL9]  Failed to commit changes to disk: Failed to format device: Input/output error
Resolves:rhbz#2210916
2023-06-06 16:54:09 -06:00
Rich Megginson
8a3fe12adc storage role update
storage - [RFE] user-specified mount point owner and permissions
Resolves:rhbz#2181657

storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size
Resolves:rhbz#2193058

storage - [RHEL9]  Failed to commit changes to disk: Failed to format device: Input/output error
Resolves:rhbz#2210916
2023-05-30 18:51:50 -06:00
Rich Megginson
17eff1975a updates for gather_facts, rhc insights tags, tlog proxy provider
rhc - system role does not apply Insights tags
Resolves:rhbz#2209200

tlog - use the proxy provider - the files provider is deprecated in sssd
Resolves:rhbz#2179458

roles should support running with gather_facts: false
Resolves:rhbz#2190502
2023-05-30 13:01:46 -06:00
Rich Megginson
94fdbccf4d Initial official build for 9.3/8.9 - new role postgresql
fingerprint in config files managed by roles
Resolves:rhbz#2185062

ha_cluster - Add possibility to load SBD watchdog kernel modules
Resolves:rhbz#2185067

ha_cluster - support for resource and operation defaults
Resolves:rhbz#2185065

postgresql - [RFE] system role for PostgreSQL management
Resolves:rhbz#2151373

rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-9.3.0]
Resolves:rhbz#2179026

ha_cluster - use pcs to setup qdevice certificates if available
Resolves:rhbz#2185066

spec: Remove doc fragments from vendored modules
Resolves:rhbz#2185002

use ansible-galaxy collection build/install instead of tar
Resolves:rhbz#2175324

rhc - RHC system role: activation key registration fails if system is already registered
Resolves:rhbz#2186218

selinux - failing test - sshd/tests_firewall_selinux.yml - No package matching 'firewalld' found available, installed or updated
Resolves:rhbz#2190501
2023-05-04 07:52:00 -06:00
Sergei Petrosian
df519d40e3 Remove doc fragments with sed oneliner 2023-04-11 19:01:51 +02:00
Sergei Petrosian
7d7acf657f Add changelog entry and bump release 2023-04-06 15:05:09 +02:00
Sergei Petrosian
7557e6a1ad Remove doc_fragments from vendored modules and fix collection_artifact 2023-04-06 15:04:58 +02:00
Rich Megginson
b3d9ac7c21 rhc - New Role - Red Hat subscription management, insights management
rhc - New Role - Red Hat subscription management, insights management
Resolves:rhbz#2141330
2023-03-16 18:40:15 -06:00
Rich Megginson
1c7276f10a remove rhc role for now
Resolves:rhbz#2141330 : rhc - new role for subscription management/registration/insights
remove role until https://bugzilla.redhat.com/show_bug.cgi?id=2171829 is fixed
2023-02-27 12:02:13 -07:00
Rich Megginson
a742d407f4 network - RedHat Role rhel-system-roles.network should route traffic via correct bond
network - RedHat Role rhel-system-roles.network should route traffic via correct bond
Resolves:rhbz#2168735
2023-02-20 10:36:05 -07:00
Rich Megginson
0d789e9ce6 rhc - vendor in modules; ha_cluster - stonith watchdog
rhc - new role for subscription management/registration/insights
Resolves:rhbz#2141330

ha_cluster - Fix stonith watchdog timeout
Resolves:rhbz#2167528
2023-02-16 10:41:02 -07:00
Rich Megginson
cabddb158e New role rhc; fix ad_integration network DNS issue
rhc - new role for subscription management/registration/insights
Resolves:rhbz#2141330

ad_integration - fix issue with using the network role to configure DNS
2023-02-15 17:59:41 -07:00
Rich Megginson
9f4adf5a90 Fix selinux idempotency; fix nbde_server test problem
selinux - managing modules is not idempotent
Resolves:rhbz#2160152

fix nbde_server test problem
2023-02-09 18:31:03 -07:00
Rich Megginson
fbebdc0522 Add journald role; nbde_client fixes; selinux idempotency; storage and podman tests
journald - New role - journald - manage systemd-journald
Resolves:rhbz#2165175

nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
Resolves:rhbz#2162782

selinux - managing modules is not idempotent
Resolves:rhbz#2160152

fix storage tests_swap and tests_misc - swap size < 128GB on EL7
fix podman general-meta issue
2023-02-03 16:05:35 -07:00
Rich Megginson
ea1134c9da Sync with Fedora; network fact gathering
network - role should support running tests with ANSIBLE_GATHERING=explicit
Resolves:rhbz#2100559

Synchronize automation-related changes from Fedora spec file
Resolves:rhbz#2149678
2023-01-26 16:11:05 -07:00
Rich Megginson
33ef5a3554 ha_cluster updates; community.general 6.2.0; community.general fixup for rhc
ha_cluster - Allow quorum device configuration
Resolves:rhbz#2140804

ha_cluster - Allow enabled SBD on disabled cluster
Resolves:rhbz#2153030

ha_cluster - use no_log in tasks looping over pot. secret parameters
Resolves:rhbz#2143816

community.general 6.2.0

replace community.general with namespace.name for rhc role
2023-01-13 08:39:57 -07:00
Rich Megginson
bae56b6fff storage package update
storage - [RHEL9]  ansible.parsing.yaml.objects.AnsibleUnicode object' has no attribute 'bytes'
Resolves:rhbz#2143246

storage - [RHEL9] disks_needed need to be set for the raid test cases
Resolves:rhbz#2128467

storage - [RHEL9 system role]  storage role vdo tests failed about  "VDO deduplication is off but it should not"
Resolves:rhbz#2123594

storage - [RHEL9] tests_create_thinp_then_remove_scsi_generated.yml failed at "assertion": "(storage_test_expected_size|int - storage_test_actual_size.bytes)|abs / storage_test_expected_size|int < 0.01"
Resolves:rhbz#2153660
2022-12-16 18:51:15 -07:00
Rich Megginson
0621b174f7 tlog update
tlog - Unconditionally enable the files provider
Resolves:rhbz#2153043
2022-12-15 10:35:21 -07:00
Rich Megginson
78984f79cc logging update to fix tests
logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357
2022-12-13 17:52:26 -07:00
Rich Megginson
859c62e8ac updates for firewall, ha_cluster, network, podman
ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role
Resolves:rhbz#2130010

network - Support cloned MAC address
Resolves:rhbz#2143768

podman - [RFE] role for managing podman containers and systemd
Resolves:rhbz#2143427
2022-12-12 16:11:59 -07:00
Rich Megginson
67796884eb ad_integration - new role
ad_integration - [RFE] new role to support AD integration, join to AD domain
Resolves:rhbz#2140795
2022-12-06 15:04:02 -07:00
Rich Megginson
2d2b6ec124 logging update to fix tests_relp
logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357
2022-12-05 12:56:07 -07:00
Rich Megginson
fa1e1b4eb0 nbde_client update
nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names
Resolves:rhbz#2126959
2022-12-05 09:31:38 -07:00
Rich Megginson
1bbeb1905f additional fixes for nbde_server role
nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
Resolves:rhbz#2133930
2022-11-29 18:28:41 -07:00
Rich Megginson
d559ac49cc use firewall, selinux, certificate roles in other system roles
cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role
Resolves:rhbz#2137663

logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
Resolves:rhbz#2130357

metrics - [RFE] convert metrics role to use firewall and selinux role
Resolves:rhbz#2133528

nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
Resolves:rhbz#2133930

postfix - [RFE] convert postfix role to use firewall and selinux role
Resolves:rhbz#2130329

vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
Resolves:rhbz#2119102

vpn - [RFE] convert vpn role to use firewall and selinux role
Resolves:rhbz#2130344
2022-11-22 15:30:40 -07:00
Rich Megginson
ecbb91abc4 new role - podman
podman - [RFE] role for managing podman containers and systemd
Resolves:rhbz#2143427
2022-11-22 12:46:03 -07:00
Rich Megginson
f6f24d8216 selinux - local parameter; fix templating; ssh,sshd RequiredRSASize
selinux - add support for the 'local' parameter
Resolves:rhbz#2128843

sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
Resolves:rhbz#2129401

ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles [rhel-9.2.0]
Resolves:rhbz#2130969
2022-11-16 13:33:26 -07:00
Rich Megginson
96972c5408 network role changes for release 1.21.0 - part 2
make network role support ansible-core 2.14
fix md to adoc to html conversion for vpn and ha_cluster

network - [RFE] Support setting the metric of the default route for initscripts provider
Resolves:rhbz#2134202

network - [RFE] Support the DNS priority
Resolves:rhbz#2133858

network - Support looking up named route table in routing rule
Resolves:rhbz#2131293

network - tests_bond_options_nm.yml failing, Cannot find device "nm-bond"
Resolves:rhbz#2123311
2022-11-15 14:30:38 -07:00
Rich Megginson
611d1d3a0b network role changes for release 1.21.0
network - [RFE] Support setting the metric of the default route for initscripts provider
Resolves:rhbz#2134202

network - [RFE] Support the DNS priority
Resolves:rhbz#2133858

network - Support looking up named route table in routing rule
Resolves:rhbz#2131293

network - tests_bond_options_nm.yml failing, Cannot find device "nm-bond"
Resolves:rhbz#2123311
2022-11-08 15:38:08 -07:00
Rich Megginson
ba4945ee89 Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles
ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles
Resolves:rhbz#2129873
2022-09-27 16:25:36 -06:00
Rich Megginson
3c8b93e26e change release to 1
cockpit - Add customization of port
Resolves:rhbz#2115152

firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
Resolves:rhbz#2100942

firewall - support for firewall_config - gather firewall facts
Resolves:rhbz#2115154

logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
Resolves:rhbz#2112145

selinux - Added setting of seuser and selevel for completeness
Resolves:rhbz#2115157

nbde_client - Sets proper spacing for parameter rd.neednet=1
Resolves:rhbz#2115156

ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
Resolves:rhbz#2109998

storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
Resolves:rhbz#2082736

network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
Resolves:rhbz#2115886
2022-08-09 11:29:38 -06:00
Rich Megginson
4e1fefa681 Support for CHANGELOG.md; features and fixes for cockpit, logging, firewalll, etc.
cockpit - Add customization of port
Resolves:rhbz#2115152

firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
Resolves:rhbz#2100942

firewall - support for firewall_config - gather firewall facts
Resolves:rhbz#2115154

logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
Resolves:rhbz#2112145

selinux - Added setting of seuser and selevel for completeness
Resolves:rhbz#2115157

nbde_client - Sets proper spacing for parameter rd.neednet=1
Resolves:rhbz#2115156

ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
Resolves:rhbz#2109998

storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
Resolves:rhbz#2082736

network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
Resolves:rhbz#2115886
2022-08-09 11:08:23 -06:00
Rich Megginson
4fa14cd469 min_ansible_version; ansible-core 2.13; fixes for several roles - sources and .gitignore
sources and .gitignore

[RHEL9] _storage_test_pool_pvs get wrong data type in  test-verify-pool-members.yml
Resolves: rhbz#2044119

[RFE] [network] Support managing the network through nmstate schema
Resolves: rhbz#2072385

storage - support for adding/removing disks to/from storage pools
Resolves: rhbz#2072742

storage - support for attaching cache volumes to existing volumes
Resolves: rhbz#2072746

crypto_policies - rhel 8.7 default policy is FUTURE not DEFAULT
Resolves: rhbz#2100251

document minimum supported redis version required by rhel-system-roles
Resolves: rhbz#2100286

firewall - support add/modify/delete services
Resolves: rhbz#2100292

metrics - restart pmie, pmlogger if changed, do not wait for handler
Resolves: rhbz#2100294

forward_port should accept list of string or list of dict
Resolves: rhbz#2100605
2022-07-01 11:33:36 -06:00
Rich Megginson
a3a2acd87e min_ansible_version; ansible-core 2.13; fixes for several roles
[RHEL9] _storage_test_pool_pvs get wrong data type in  test-verify-pool-members.yml
Resolves: rhbz#2044119

[RFE] [network] Support managing the network through nmstate schema
Resolves: rhbz#2072385

storage - support for adding/removing disks to/from storage pools
Resolves: rhbz#2072742

storage - support for attaching cache volumes to existing volumes
Resolves: rhbz#2072746

crypto_policies - rhel 8.7 default policy is FUTURE not DEFAULT
Resolves: rhbz#2100251

document minimum supported redis version required by rhel-system-roles
Resolves: rhbz#2100286

firewall - support add/modify/delete services
Resolves: rhbz#2100292

metrics - restart pmie, pmlogger if changed, do not wait for handler
Resolves: rhbz#2100294

forward_port should accept list of string or list of dict
Resolves: rhbz#2100605
2022-07-01 11:32:05 -06:00
Rich Megginson
c8b609abd4 sshd - fix ansible 2.9 support in meta/main.yml
sshd - fix ansible 2.9 support in meta/main.yml
Resolves: rhbz#2052086 (9.1.0)
2022-06-15 18:41:42 -06:00
Rich Megginson
8734be5269 sshd - fix ansible 2.9 support in meta/main.yml
sshd - fix ansible 2.9 support in meta/main.yml
Resolves: rhbz#2052086 (9.1.0)
2022-06-15 18:39:02 -06:00
Rich Megginson
62b86a01a8 storage, logging, ha_cluster, sshd - minor issues - sources and .gitignore
sources and .gitignore

storage - fix coverity scan issue in blivet.py
Resolves: rhbz#2072745 (9.1.0)

logging - fix gather_facts/set_vars issue
Resolves: rhbz#2078989 (9.1.0)

ha_cluster - Move tasks that set up CI environment to roles tasks/ dir
Resolves: rhbz#2093438 (9.1.0)

sshd - fix tests issue with rhel9 hosts
2022-06-13 11:05:00 -06:00
Rich Megginson
9d20456a2b storage, logging, ha_cluster, sshd - minor issues
storage - fix coverity scan issue in blivet.py
Resolves: rhbz#2072745 (9.1.0)

logging - fix gather_facts/set_vars issue
Resolves: rhbz#2078989 (9.1.0)

ha_cluster - Move tasks that set up CI environment to roles tasks/ dir
Resolves: rhbz#2093438 (9.1.0)

sshd - fix tests issue with rhel9 hosts
2022-06-13 11:02:57 -06:00