12 changed files with 1195 additions and 835 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,34 +1,188 @@
-SOURCES/ad_integration-1.4.2.tar.gz
-SOURCES/ansible-posix-1.5.4.tar.gz
-SOURCES/ansible-sshd-v0.23.2.tar.gz
-SOURCES/auto-maintenance-11ad785c9bb72611244e7909450ca4247e12db4d.tar.gz
-SOURCES/bootloader-1.0.3.tar.gz
-SOURCES/certificate-1.3.3.tar.gz
-SOURCES/cockpit-1.5.5.tar.gz
-SOURCES/community-general-8.3.0.tar.gz
-SOURCES/containers-podman-1.12.0.tar.gz
-SOURCES/crypto_policies-1.3.2.tar.gz
-SOURCES/fapolicyd-1.1.1.tar.gz
-SOURCES/firewall-1.7.4.tar.gz
-SOURCES/ha_cluster-1.14.0.tar.gz
-SOURCES/journald-1.2.3.tar.gz
-SOURCES/kdump-1.4.4.tar.gz
-SOURCES/kernel_settings-1.2.2.tar.gz
-SOURCES/keylime_server-1.1.2.tar.gz
-SOURCES/logging-1.12.4.tar.gz
-SOURCES/metrics-1.10.1.tar.gz
-SOURCES/nbde_client-1.2.17.tar.gz
-SOURCES/nbde_server-1.4.3.tar.gz
-SOURCES/network-1.15.1.tar.gz
-SOURCES/podman-1.4.7.tar.gz
-SOURCES/postfix-1.4.3.tar.gz
-SOURCES/postgresql-1.3.5.tar.gz
-SOURCES/rhc-1.6.0.tar.gz
-SOURCES/selinux-1.7.4.tar.gz
-SOURCES/snapshot-1.3.1.tar.gz
-SOURCES/ssh-1.3.2.tar.gz
-SOURCES/storage-1.16.2.tar.gz
-SOURCES/systemd-1.1.2.tar.gz
-SOURCES/timesync-1.8.2.tar.gz
-SOURCES/tlog-1.3.3.tar.gz
-SOURCES/vpn-1.6.3.tar.gz
+/ad_integration-1.4.4.tar.gz
+/ansible-posix-1.5.4.tar.gz
+/ansible-sshd-v0.23.5.tar.gz
+/auto-maintenance-1.76.2.tar.gz
+/bootloader-1.0.4.tar.gz
+/certificate-1.3.4.tar.gz
+/cockpit-1.5.6.tar.gz
+/community-general-8.5.0.tar.gz
+/containers-podman-1.12.1.tar.gz
+/crypto_policies-1.3.3.tar.gz
+/fapolicyd-1.1.2.tar.gz
+/firewall-1.7.5.tar.gz
+/ha_cluster-1.16.0.tar.gz
+/journald-1.3.0.tar.gz
+/kdump-1.4.5.tar.gz
+/kernel_settings-1.2.3.tar.gz
+/keylime_server-1.1.3.tar.gz
+/logging-1.12.6.tar.gz
+/metrics-1.10.2.tar.gz
+/nbde_client-1.2.18.tar.gz
+/nbde_server-1.4.4.tar.gz
+/network-1.15.2.tar.gz
+/podman-1.4.9.tar.gz
+/postfix-1.4.4.tar.gz
+/postgresql-1.3.6.tar.gz
+/rhc-1.6.3.tar.gz
+/selinux-1.7.5.tar.gz
+/snapshot-1.3.2.tar.gz
+/ssh-1.3.3.tar.gz
+/storage-1.16.4.tar.gz
+/systemd-1.1.3.tar.gz
+/timesync-1.8.3.tar.gz
+/tlog-1.3.4.tar.gz
+/vpn-1.6.4.tar.gz
+/community-general-8.6.0.tar.gz
+/storage-1.16.5.tar.gz
+/nbde_client-1.2.19.tar.gz
+/ha_cluster-1.17.0.tar.gz
+/podman-1.5.0.tar.gz
+/bootloader-1.0.5.tar.gz
+/auto-maintenance-1.78.0.tar.gz
+/gfs2-0.0.1.tar.gz
+/containers-podman-1.13.0.tar.gz
+/firewall-1.7.6.tar.gz
+/gfs2-0.0.2.tar.gz
+/logging-1.12.7.tar.gz
+/snapshot-1.3.3.tar.gz
+/sudo-0.1.0.tar.gz
+/community-general-9.0.1.tar.gz
+/containers-podman-1.15.2.tar.gz
+/auto-maintenance-42955a38fe071d2ac0fc2c99277832d5cb935d71.tar.gz
+/postfix-1.4.5.tar.gz
+/selinux-1.7.6.tar.gz
+/timesync-1.8.4.tar.gz
+/kdump-1.4.6.tar.gz
+/network-1.15.3.tar.gz
+/storage-1.17.0.tar.gz
+/metrics-1.10.3.tar.gz
+/tlog-1.3.5.tar.gz
+/kernel_settings-1.2.4.tar.gz
+/logging-1.12.8.tar.gz
+/nbde_server-1.4.5.tar.gz
+/nbde_client-1.2.20.tar.gz
+/certificate-1.3.5.tar.gz
+/crypto_policies-1.3.4.tar.gz
+/ssh-1.4.0.tar.gz
+/ha_cluster-1.17.1.tar.gz
+/vpn-1.6.5.tar.gz
+/firewall-1.7.7.tar.gz
+/cockpit-1.5.7.tar.gz
+/podman-1.5.1.tar.gz
+/ad_integration-1.4.5.tar.gz
+/rhc-1.6.4.tar.gz
+/journald-1.3.1.tar.gz
+/postgresql-1.3.7.tar.gz
+/systemd-1.1.4.tar.gz
+/keylime_server-1.1.4.tar.gz
+/fapolicyd-1.1.3.tar.gz
+/bootloader-1.0.6.tar.gz
+/gfs2-0.0.3.tar.gz
+/sudo-1.0.0.tar.gz
+/auto-maintenance-1.79.0.tar.gz
+/auto-maintenance-1.82.0.tar.gz
+/selinux-1.7.7.tar.gz
+/kdump-1.4.7.tar.gz
+/network-1.15.4.tar.gz
+/storage-1.17.1.tar.gz
+/tlog-1.3.6.tar.gz
+/kernel_settings-1.2.5.tar.gz
+/logging-1.12.9.tar.gz
+/nbde_server-1.4.6.tar.gz
+/nbde_client-1.3.0.tar.gz
+/certificate-1.3.6.tar.gz
+/crypto_policies-1.3.5.tar.gz
+/ssh-1.4.1.tar.gz
+/ha_cluster-1.18.0.tar.gz
+/vpn-1.6.6.tar.gz
+/firewall-1.7.8.tar.gz
+/cockpit-1.5.8.tar.gz
+/ad_integration-1.4.6.tar.gz
+/rhc-1.6.5.tar.gz
+/journald-1.3.2.tar.gz
+/postgresql-1.3.8.tar.gz
+/systemd-1.1.5.tar.gz
+/keylime_server-1.1.5.tar.gz
+/fapolicyd-1.1.4.tar.gz
+/bootloader-1.0.7.tar.gz
+/gfs2-0.0.4.tar.gz
+/sudo-1.0.1.tar.gz
+/community-general-9.1.0.tar.gz
+/containers-podman-1.15.3.tar.gz
+/auto-maintenance-1.83.0.tar.gz
+/community-general-9.2.0.tar.gz
+/containers-podman-1.15.4.tar.gz
+/metrics-1.10.4.tar.gz
+/postfix-1.5.0.tar.gz
+/snapshot-1.4.0.tar.gz
+/timesync-1.8.5.tar.gz
+/ansible-sshd-v0.24.1.tar.gz
+/auto-maintenance-1.84.0.tar.gz
+/cockpit-1.5.9.tar.gz
+/firewall-1.8.0.tar.gz
+/logging-1.13.0.tar.gz
+/network-1.15.5.tar.gz
+/podman-1.5.2.tar.gz
+/selinux-1.8.0.tar.gz
+/storage-1.18.0.tar.gz
+/systemd-1.2.0.tar.gz
+/metrics-1.10.5.tar.gz
+/auto-maintenance-1.85.0.tar.gz
+/postfix-1.5.1.tar.gz
+/timesync-1.8.6.tar.gz
+/network-1.15.6.tar.gz
+/storage-1.18.1.tar.gz
+/kernel_settings-1.3.0.tar.gz
+/logging-1.13.1.tar.gz
+/nbde_server-1.4.7.tar.gz
+/crypto_policies-1.4.0.tar.gz
+/ssh-1.5.0.tar.gz
+/ha_cluster-1.19.0.tar.gz
+/podman-1.5.3.tar.gz
+/sudo-1.1.0.tar.gz
+/auto-maintenance-1.86.0.tar.gz
+/network-1.16.0.tar.gz
+/rhc-1.6.6.tar.gz
+/storage-1.18.2.tar.gz
+/kernel_settings-1.3.1.tar.gz
+/community-general-9.3.0.tar.gz
+/auto-maintenance-1.87.0.tar.gz
+/storage-1.18.3.tar.gz
+/timesync-1.9.0.tar.gz
+/network-1.16.1.tar.gz
+/podman-1.6.0.tar.gz
+/snapshot-1.4.1.tar.gz
+/storage-1.18.4.tar.gz
+/auto-maintenance-1.87.2.tar.gz
+/ansible-sshd-4478b2bbe0c7e258be669d4c53c37975207cf41b.tar.gz
+/journald-1.3.3.tar.gz
+/metrics-1.10.6.tar.gz
+/network-1.16.2.tar.gz
+/podman-1.6.1.tar.gz
+/storage-1.18.5.tar.gz
+/auto-maintenance-1.88.0.tar.gz
+/ansible-sshd-v0.25.0.tar.gz
+/fapolicyd-1.1.5.tar.gz
+/ha_cluster-1.19.1.tar.gz
+/network-1.16.3.tar.gz
+/auto-maintenance-1.88.2.tar.gz
+/cockpit-1.5.10.tar.gz
+/fapolicyd-1.1.6.tar.gz
+/podman-1.6.2.tar.gz
+/storage-1.18.6.tar.gz
+/ha_cluster-1.19.2.tar.gz
+/auto-maintenance-1.88.3.tar.gz
+/gfs2-1.0.0.tar.gz
+/network-1.16.4.tar.gz
+/auto-maintenance-1.88.4.tar.gz
+/kernel_settings-1.3.2.tar.gz
+/auto-maintenance-1.88.7.tar.gz
+/fapolicyd-1.1.7.tar.gz
+/logging-1.13.2.tar.gz
+/podman-1.6.3.tar.gz
+/storage-1.18.7.tar.gz
+/auto-maintenance-1.88.8.tar.gz
+/podman-1.6.4.tar.gz
+/logging-1.13.3.tar.gz
+/auto-maintenance-1.88.9.tar.gz
+/logging-1.13.4.tar.gz
--- a/SOURCES/CHANGELOG.md
+++ b/SOURCES/CHANGELOG.md
@ -1,112 +1,166 @@
 Changelog
 =========
+[1.88.9] - 2024-09-13
+
+### New Features
+
+- [bootloader - bootloader role tests do not work on ostree [rhel-10]](https://issues.redhat.com/browse/RHEL-34881)
+- [gfs2 - add gfs2 system role [rhel-10]](https://issues.redhat.com/browse/RHEL-34828)
+- [ha_cluster - [RFE] rhel_system_roles.ha_cluster - ACL Support [rhel-10]](https://issues.redhat.com/browse/RHEL-34898)
+- [ha_cluster - [RFE] make it easier to install cloud agents [rhel-10]](https://issues.redhat.com/browse/RHEL-34894)
+- [ha_cluster - [RFE] ha_cluster_node_options allows per-node addresses and SBD options to be set [rhel-10]](https://issues.redhat.com/browse/RHEL-34893)
+- [ha_cluster - [RFE] rhel_system_roles.ha_cluster - Utilization Support [rhel-10]](https://issues.redhat.com/browse/RHEL-34885)
+- [ha_cluster - alerts support](https://issues.redhat.com/browse/RHEL-45285)
+- [journald - feat: Add options for rate limit interval and burst [rhel-10]](https://issues.redhat.com/browse/RHEL-34892)
+- [logging - RFE - system-roles - logging: Add truncate options for local file inputs](https://issues.redhat.com/browse/RHEL-48609)
+- [logging - redhat.rhel_system_roles.logging role fails to process logging_outputs: of type: "custom"](https://issues.redhat.com/browse/RHEL-50288)
+- [logging - [RFE] Add the umask settings or enable a variable in linux-system-roles.logging](https://issues.redhat.com/browse/RHEL-50289)
+- [nbde_client - feat: Allow initrd configuration to be skipped](https://issues.redhat.com/browse/RHEL-45718)
+- [network - support route src parameter](https://issues.redhat.com/browse/RHEL-53901)
+- [podman - podman role should support containers-auth.json [rhel-10]](https://issues.redhat.com/browse/RHEL-34891)
+- [podman - podman role should support default credentials and per-unit credentials [rhel-10]](https://issues.redhat.com/browse/RHEL-34890)
+- [podman - feat: manage TLS cert/key files for registry connections and validate certs [rhel-10]](https://issues.redhat.com/browse/RHEL-34884)
+- [postfix - feat: Added postfix_files feature as a simple means to add extra files/maps to config](https://issues.redhat.com/browse/RHEL-46855)
+- [snapshot - feat: rewrite snapshot.py as an Ansible module / add support for thin origins](https://issues.redhat.com/browse/RHEL-48230)
+- [ssh - feat: Add new configuration options and remove false positives in the test](https://issues.redhat.com/browse/RHEL-40181)
+- [storage - Fingerprint storage RHEL System Role managed config files](https://issues.redhat.com/browse/RHEL-50291)
+- [storage - [RFE] manage stratis [rhel-10]](https://issues.redhat.com/browse/RHEL-40798)
+- [storage - [RHEL9][RFE] resize LVM PVs [rhel-10]](https://issues.redhat.com/browse/RHEL-40797)
+- [sudo - Add sudo system role EL10](https://issues.redhat.com/browse/RHEL-37551)
+
+### Bug Fixes
+
+- [ - package rhel-system-roles.noarch does not provide docs for ansible-doc [rhel-10]](https://issues.redhat.com/browse/RHEL-34897)
+- [ad_integration - fix: Sets domain name lower case in realmd.conf section header [rhel-10]](https://issues.redhat.com/browse/RHEL-34883)
+- [bootloader - fix: Set user.cfg path to /boot/grub2/ on EL 9 UEFI [rhel-10]](https://issues.redhat.com/browse/RHEL-40759)
+- [cockpit - cockpit install all wildcard match does not work in newer el9](https://issues.redhat.com/browse/RHEL-45944)
+- [ha_cluster - Fix inconsistent approach for multiple `attributes.attrs` in `ha_cluster_node_options` [rhel-10]](https://issues.redhat.com/browse/RHEL-34886)
+- [ha_cluster - Fixes for new pcs and ansible](https://issues.redhat.com/browse/RHEL-55296)
+- [kdump - [RHEL-10] rhel-system-roles should depend on kdump-utils](https://issues.redhat.com/browse/RHEL-40071)
+- [kernel_settings - fix: Use tuned files instead of using it as a module](https://issues.redhat.com/browse/RHEL-53897)
+- [logging - Setup imuxsock using rhel-system-roles.logging causing an error EL10](https://issues.redhat.com/browse/RHEL-38456)
+- [network - Make sure that the network role CI is solid robust [rhel-10]](https://issues.redhat.com/browse/RHEL-34896)
+- [network - Fix testing Failures due to connection.autoconnect-ports Unknown Property [rhel-10]](https://issues.redhat.com/browse/RHEL-34887)
+- [podman - Create podman secret when skip_existing=True and it does not exist [rhel-10]](https://issues.redhat.com/browse/RHEL-40795)
+- [podman - fix: proper cleanup for networks; ensure cleanup of resources](https://issues.redhat.com/browse/RHEL-50104)
+- [podman - fix: grab name of network to remove from quadlet file](https://issues.redhat.com/browse/RHEL-40760)
+- [podman - fix: use correct user for cancel linger file name [rhel-10]](https://issues.redhat.com/browse/RHEL-34889)
+- [podman - fix: do not use become for changing hostdir ownership, and expose subuid/subgid info [rhel-10]](https://issues.redhat.com/browse/RHEL-34888)
+- [podman - fails to configure and run containers with podman rootless using different username and groupname](https://issues.redhat.com/browse/RHEL-57100)
+- [rhc - fix: drop usage of "auto_attach" of the "redhat_subscription" module](https://issues.redhat.com/browse/RHEL-53905)
+- [sshd - second SSHD service broken [rhel-10]](https://issues.redhat.com/browse/RHEL-34879)
+- [storage - [RHEL8 ] var unused_disks get different sector size disks    [rhel-10]](https://issues.redhat.com/browse/RHEL-40796)
+- [storage - rhel-system-role.storage is not idempotent [rhel-10]](https://issues.redhat.com/browse/RHEL-34895)
+
 [1.23.0] - 2024-01-15
 ----------------------------

 ### New Features

- [RHEL for Edge support in system roles](https://issues.redhat.com/browse/RHEL-15872)
- [ad_integration - feat: Add sssd custom settings](https://issues.redhat.com/browse/RHEL-17667)
- [ad_integration - Enable AD dynamic DNS updates](https://issues.redhat.com/browse/RHEL-1119)
- [ad_integration - feat: add ad_integration_preserve_authselect_profile](https://issues.redhat.com/browse/RHEL-21383)
- [ad_integration - feat: Add SSSD parameters support](https://issues.redhat.com/browse/RHEL-21134)
- [bootloader - Create bootloader role (MVP)](https://issues.redhat.com/browse/RHEL-3241)
- [fapolicyd - feat: Import code for fapolicyd system role](https://issues.redhat.com/browse/RHEL-16542)
- [ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository](https://issues.redhat.com/browse/RHEL-14090)
- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology](https://issues.redhat.com/browse/RHEL-4624)
- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options](https://issues.redhat.com/browse/RHEL-3264)
- [ha_cluster - Setting cluster members attributes](https://issues.redhat.com/browse/RHEL-22108)
- [journald - feat: Add support for ForwardToSyslog](https://issues.redhat.com/browse/RHEL-21123)
- [logging - feat: Add support for the global config option preserveFQDN with a new logg…](https://issues.redhat.com/browse/RHEL-15933)
- [logging - feat: Add support for general queue and general action parameters](https://issues.redhat.com/browse/RHEL-15440)
- [metrics - [RFE] Metrics system role support for configuring PMIE webhooks](https://issues.redhat.com/browse/RHEL-18170)
- [network - Add blackhole type route](https://issues.redhat.com/browse/RHEL-21491)
- [postgresql - feat: Enable support for Postgresql 16](https://issues.redhat.com/browse/RHEL-18963)
- [rhc - support RHEL 7 managed nodes](https://issues.redhat.com/browse/RHEL-16977)
- [rhc - new rhc_insights.ansible_host parameter](https://issues.redhat.com/browse/RHEL-16975)
- [rhc - new rhc_insights.display_name parameter](https://issues.redhat.com/browse/RHEL-16965)
- [snapshot - New Role for storage snapshot management (lvm, etc.)](https://issues.redhat.com/browse/RHEL-16553)
- [sshd - ansible-sshd Manage SSH certificates](https://issues.redhat.com/browse/RHEL-5985)
- [storage - feat: Support for creating volumes without a FS](https://issues.redhat.com/browse/RHEL-16213)
- [storage - Basic support for creating shared logical volumes (RHEL 8)](https://issues.redhat.com/browse/RHEL-14022)
+- [Use .README.html in spec instead of generating it](https://issues.redhat.com/browse/RHEL-5346)
+- [RHEL for Edge support in system roles](https://issues.redhat.com/browse/RHEL-3253)
+- [ad_integration - feat: Add sssd custom settings](https://issues.redhat.com/browse/RHEL-17668)
+- [ad_integration - Enable AD dynamic DNS updates](https://issues.redhat.com/browse/RHEL-1118)
+- [ad_integration - feat: add ad_integration_preserve_authselect_profile](https://issues.redhat.com/browse/RHEL-21382)
+- [ad_integration - feat: Add SSSD parameters support](https://issues.redhat.com/browse/RHEL-21133)
+- [bootloader - Create bootloader role (MVP)](https://issues.redhat.com/browse/RHEL-16336)
+- [fapolicyd - feat: Import code for fapolicyd system role](https://issues.redhat.com/browse/RHEL-16541)
+- [ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository](https://issues.redhat.com/browse/RHEL-15910)
+- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options](https://issues.redhat.com/browse/RHEL-15908)
+- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology](https://issues.redhat.com/browse/RHEL-15876)
+- [ha_cluster - Setting cluster members attributes](https://issues.redhat.com/browse/RHEL-22106)
+- [journald - feat: Add support for ForwardToSyslog](https://issues.redhat.com/browse/RHEL-21117)
+- [logging - feat: Add support for the global config option preserveFQDN](https://issues.redhat.com/browse/RHEL-15932)
+- [logging - feat: Add support for general queue and general action parameters](https://issues.redhat.com/browse/RHEL-15439)
+- [metrics - [RFE] Metrics system role support for configuring PMIE webhooks](https://issues.redhat.com/browse/RHEL-13760)
+- [network - Add blackhole type route](https://issues.redhat.com/browse/RHEL-19579)
+- [postgresql - feat: Enable support for Postgresql 16](https://issues.redhat.com/browse/RHEL-18962)
+- [rhc - support RHEL 7 managed nodes](https://issues.redhat.com/browse/RHEL-16976)
+- [rhc - new rhc_insights.ansible_host parameter](https://issues.redhat.com/browse/RHEL-16974)
+- [rhc - new rhc_insights.display_name parameter](https://issues.redhat.com/browse/RHEL-16964)
+- [snapshot - New Role for storage snapshot management (lvm, etc.)](https://issues.redhat.com/browse/RHEL-16552)
+- [sshd - ansible-sshd Manage SSH certificates](https://issues.redhat.com/browse/RHEL-5972)
+- [storage - feat: Support for creating volumes without a FS](https://issues.redhat.com/browse/RHEL-16212)
+- [storage - Basic support for creating shared logical volumes](https://issues.redhat.com/browse/RHEL-1535)

 ### Bug Fixes

- [ha_cluster - high-availability firewall service is not added on qdevice node](https://issues.redhat.com/browse/RHEL-17874)
- [ha_cluster - Timeout issue between SBD with delay-start and systemd unit](https://issues.redhat.com/browse/RHEL-4684)
- [kdump - fix: retry read of kexec_crash_size](https://issues.redhat.com/browse/RHEL-3354)
- [keylime_server - won't detect registrar start failure](https://issues.redhat.com/browse/RHEL-21946)
- [logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size](https://issues.redhat.com/browse/RHEL-15038)
- [nbde_server - fix: Allow tangd socket override directory to be managed outside of the role](https://issues.redhat.com/browse/RHEL-25509)
- [network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"](https://issues.redhat.com/browse/RHEL-16501)
- [podman - fix: cast secret data to string in order to allow JSON valued strings](https://issues.redhat.com/browse/RHEL-22310)
- [podman - fix: name of volume quadlet service should be basename-volume.service](https://issues.redhat.com/browse/RHEL-21402)
- [podman - fix: add no_log: true for tasks that can log secret data](https://issues.redhat.com/browse/RHEL-19242)
- [podman - fix: user linger needed before secrets](https://issues.redhat.com/browse/RHEL-22229)
- [postgresql - PostgreSQL system role: unable to install PostgreSQL version 15 on RHEL 9](https://issues.redhat.com/browse/RHEL-21400)
- [selinux - fix: Use `ignore_selinux_state` module option](https://issues.redhat.com/browse/RHEL-15871)
- [selinux - fix: Print an error message when module to be created doesn't exist](https://issues.redhat.com/browse/RHEL-19044)
- [selinux - fix: no longer use "item" as a loop variable](https://issues.redhat.com/browse/RHEL-19042)
+- [ha_cluster - high-availability firewall service is not added on qdevice node](https://issues.redhat.com/browse/RHEL-17875)
+- [ha_cluster - Timeout issue between SBD with delay-start and systemd unit](https://issues.redhat.com/browse/RHEL-18026)
+- [kdump - fix: retry read of kexec_crash_size](https://issues.redhat.com/browse/RHEL-3353)
+- [keylime_server - won't detect registrar start failure](https://issues.redhat.com/browse/RHEL-15909)
+- [logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size](https://issues.redhat.com/browse/RHEL-15037)
+- [logging - fix: avoid conf of RatelimitBurst when RatelimitInterval is zero](https://issues.redhat.com/browse/RHEL-19046)
+- [nbde_server - fix: Allow tangd socket override directory to be managed outside of the role](https://issues.redhat.com/browse/RHEL-25508)
+- [network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"](https://issues.redhat.com/browse/RHEL-1683)
+- [podman - fix: add no_log: true for tasks that can log secret data](https://issues.redhat.com/browse/RHEL-19241)
+- [podman - fix: cast secret data to string in order to allow JSON valued strings](https://issues.redhat.com/browse/RHEL-22309)
+- [podman - fix: name of volume quadlet service should be basename-volume.service](https://issues.redhat.com/browse/RHEL-21401)
+- [podman - fix: user linger needed before secrets](https://issues.redhat.com/browse/RHEL-22228)
+- [postgresql - unable to install PostgreSQL version 15 on RHEL](https://issues.redhat.com/browse/RHEL-5274)
+- [selinux - fix: Use `ignore_selinux_state` module option](https://issues.redhat.com/browse/RHEL-15870)
+- [selinux - fix: Print an error message when module to be created doesn't exist](https://issues.redhat.com/browse/RHEL-19043)
+- [selinux - fix: no longer use "item" as a loop variable](https://issues.redhat.com/browse/RHEL-19040)

 [1.22.0] - 2023-08-15
 ----------------------------

 ### New Features

- [ALL - fingerprint in config files managed by roles](https://bugzilla.redhat.com/show_bug.cgi?id=2186910)
- [ad_integration - add ad_integration_force_rejoin](https://bugzilla.redhat.com/show_bug.cgi?id=2211723)
- [certificate - add mode parameter to change permissions for cert files](https://bugzilla.redhat.com/show_bug.cgi?id=2218204)
- [firewall - missing module in linux-system-roles.firewall to create an ipset](https://bugzilla.redhat.com/show_bug.cgi?id=2140880)
- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
- [firewall - should have option to disable conflicting services](https://bugzilla.redhat.com/show_bug.cgi?id=2222809)
- [ha_cluster - Add possibility to load SBD watchdog kernel modules](https://bugzilla.redhat.com/show_bug.cgi?id=2190478)
- [ha_cluster - cluster and quorum can have distinct passwords](https://bugzilla.redhat.com/show_bug.cgi?id=2216485)
- [ha_cluster - support for resource and operation defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2190483)
- [kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump](https://bugzilla.redhat.com/show_bug.cgi?id=2211272)
- [keylime_server - system role for managing keylime servers](https://bugzilla.redhat.com/show_bug.cgi?id=2224387)
- [network - Support configuring auto-dns setting](https://bugzilla.redhat.com/show_bug.cgi?id=2211273)
- [network - Support no-aaaa DNS option](https://bugzilla.redhat.com/show_bug.cgi?id=2218595)
- [podman - allow container networking configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2220963)
- [podman - support for healthchecks and healthcheck actions](https://bugzilla.redhat.com/show_bug.cgi?id=2220961)
- [podman - support quadlet units](https://bugzilla.redhat.com/show_bug.cgi?id=2220962)
- [postgresql - [RFE] system role for PostgreSQL management](https://bugzilla.redhat.com/show_bug.cgi?id=2151371)
- [rhc - implement rhc_proxy.scheme](https://bugzilla.redhat.com/show_bug.cgi?id=2211778)
- [rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-8.9.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2179016)
- [ssh - add ssh_backup option with default true](https://bugzilla.redhat.com/show_bug.cgi?id=2216759)
- [storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2141961)
- [storage - [RFE] user-specified mount point owner and permissions](https://bugzilla.redhat.com/show_bug.cgi?id=2181661)
- [systemd - system role for managing systemd units](https://bugzilla.redhat.com/show_bug.cgi?id=2224388)
+- [ALL - fingerprint in config files managed by roles](https://bugzilla.redhat.com/show_bug.cgi?id=2185062)
+- [ad_integration - add ad_integration_force_rejoin](https://bugzilla.redhat.com/show_bug.cgi?id=2186253)
+- [certificate - add mode parameter to change permissions for cert files](https://bugzilla.redhat.com/show_bug.cgi?id=2180902)
+- [firewall - missing module in linux-system-roles.firewall to create an ipset](https://bugzilla.redhat.com/show_bug.cgi?id=2229802)
+- [firewall - should have option to disable conflicting services](https://bugzilla.redhat.com/show_bug.cgi?id=2222761)
+- [ha_cluster - Add possibility to load SBD watchdog kernel modules](https://bugzilla.redhat.com/show_bug.cgi?id=2185067)
+- [ha_cluster - support for resource and operation defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2185065)
+- [kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump](https://bugzilla.redhat.com/show_bug.cgi?id=2211187)
+- [keylime_server - New role - system role for managing keylime servers](https://bugzilla.redhat.com/show_bug.cgi?id=2224385)
+- [network - Support no-aaaa DNS option](https://bugzilla.redhat.com/show_bug.cgi?id=2218592)
+- [network - Support configuring auto-dns setting](https://bugzilla.redhat.com/show_bug.cgi?id=2211194)
+- [podman - support quadlet units](https://bugzilla.redhat.com/show_bug.cgi?id=2179455)
+- [podman - allow container networking configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2161712)
+- [podman - support for healthchecks and healthcheck actions](https://bugzilla.redhat.com/show_bug.cgi?id=2179457)
+- [podman - use getsubids to look for subuid, subgid for IdM support](https://issues.redhat.com/browse/RHEL-865)
+- [podman - allow to not pull images, continue if image pull fails](https://issues.redhat.com/browse/RHEL-857)
+- [postgresql - New role - system role for PostgreSQL management](https://bugzilla.redhat.com/show_bug.cgi?id=2151373)
+- [rhc - implement rhc_proxy.scheme](https://bugzilla.redhat.com/show_bug.cgi?id=2211748)
+- [selinux - use restorecon -T 0 on supported platforms](https://bugzilla.redhat.com/show_bug.cgi?id=2179460)
+- [ssh - add ssh_backup option with default true](https://bugzilla.redhat.com/show_bug.cgi?id=2216753)
+- [storage - mounted devices that are in use cannot be resized](https://bugzilla.redhat.com/show_bug.cgi?id=2168692)
+- [storage - support configuring the stripe size for RAID LVM volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2181656)
+- [storage - user-specified mount point owner and permissions](https://bugzilla.redhat.com/show_bug.cgi?id=2181657)
+- [systemd - New role - system role for managing systemd units](https://bugzilla.redhat.com/show_bug.cgi?id=2224384)

 ### Bug Fixes

- [ALL - facts being gathered unnecessarily](https://bugzilla.redhat.com/show_bug.cgi?id=2223036)
- [ad_integration - leaks credentials when in check_mode](https://bugzilla.redhat.com/show_bug.cgi?id=2233183)
- [certificate - rhel-system-roles.certificate does not re-issue after updating key_size](https://bugzilla.redhat.com/show_bug.cgi?id=2186057)
- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
- [firewall - Check mode fails with replacing previous rules](https://issues.redhat.com/browse/RHEL-899)
- [firewall - Check mode fails when creating new firewall service](https://bugzilla.redhat.com/show_bug.cgi?id=2222433)
- [firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9](https://issues.redhat.com/browse/RHEL-918)
- [firewall - Don't install python(3)-firewall it's a dependency of firewalld](https://bugzilla.redhat.com/show_bug.cgi?id=2216521)
- [firewall - fix: files: overwrite firewalld.conf on previous replaced](https://issues.redhat.com/browse/RHEL-1496)
- [kdump - use failure_action instead of default on EL9 and later](https://issues.redhat.com/browse/RHEL-907)
- [kdump - role: "Write new authorized_keys if needed" task idempotency issues](https://bugzilla.redhat.com/show_bug.cgi?id=2232391)
- [kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory](https://bugzilla.redhat.com/show_bug.cgi?id=2232392)
- [kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server](https://issues.redhat.com/browse/RHEL-1398)
- [kdump - fix: Ensure authorized_keys management works with multiple hosts](https://issues.redhat.com/browse/RHEL-1500)
- [podman - Podman system role:  Unable to use podman_registries_conf to set unqualified-search-registries](https://bugzilla.redhat.com/show_bug.cgi?id=2226077)
- [rhc - system role does not apply Insights tags](https://bugzilla.redhat.com/show_bug.cgi?id=2209441)
- [storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size](https://bugzilla.redhat.com/show_bug.cgi?id=2193057)
- [storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation](https://bugzilla.redhat.com/show_bug.cgi?id=2224094)
- [storage - Storage: mounted devices that are in use cannot be resized](https://bugzilla.redhat.com/show_bug.cgi?id=2168738)
- [storage - fix: use stat.pw_name, stat.gr_name instead of owner, group](https://issues.redhat.com/browse/RHEL-1498)
- [tlog - use the proxy provider - the files provider is deprecated in sssd](https://bugzilla.redhat.com/show_bug.cgi?id=2191702)
+- [ALL - facts being gathered unnecessarily](https://bugzilla.redhat.com/show_bug.cgi?id=2223032)
+- [ad_integration - leaks credentials when in check_mode](https://bugzilla.redhat.com/show_bug.cgi?id=2232758)
+- [certificate - does not re-issue after updating key_size](https://bugzilla.redhat.com/show_bug.cgi?id=2224138)
+- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2223764)
+- [firewall - Check mode fails with replacing previous rules](https://issues.redhat.com/browse/RHEL-898)
+- [firewall - Check mode fails when creating new firewall service](https://bugzilla.redhat.com/show_bug.cgi?id=2222428)
+- [firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9](https://issues.redhat.com/browse/RHEL-885)
+- [firewall - Don't install python(3)-firewall it's a dependency of firewalld](https://bugzilla.redhat.com/show_bug.cgi?id=2216520)
+- [firewall - fix: files: overwrite firewalld.conf on previous replaced](https://issues.redhat.com/browse/RHEL-1495)
+- [kdump - use failure_action instead of default on EL9 and later](https://issues.redhat.com/browse/RHEL-906)
+- [kdump - "Write new authorized_keys if needed" task idempotency issues](https://bugzilla.redhat.com/show_bug.cgi?id=2232241)
+- [kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory](https://bugzilla.redhat.com/show_bug.cgi?id=2232231)
+- [kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server](https://issues.redhat.com/browse/RHEL-1397)
+- [kdump - fix: Ensure authorized_keys management works with multiple hosts](https://issues.redhat.com/browse/RHEL-1499)
+- [podman - Podman system role:  Unable to use podman_registries_conf to set unqualified-search-registries](https://bugzilla.redhat.com/show_bug.cgi?id=2211984)
+- [rhc - system role does not apply Insights tags](https://bugzilla.redhat.com/show_bug.cgi?id=2209200)
+- [storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation](https://bugzilla.redhat.com/show_bug.cgi?id=2224090)
+- [storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size](https://bugzilla.redhat.com/show_bug.cgi?id=2193058)
+- [storage - fix: use stat.pw_name, stat.gr_name instead of owner, group](https://issues.redhat.com/browse/RHEL-1497)
+- [tlog - use the proxy provider - the files provider is deprecated in sssd](https://bugzilla.redhat.com/show_bug.cgi?id=2179458)

 [1.21.1] - 2023-03-16
 ----------------------------

 ### New Features

- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2144877)
+- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2141330)

 ### Bug Fixes

@ -117,76 +171,88 @@ Changelog

 ### New Features

- [ad_integration - [RFE] new role to support AD integration, join to AD domain](https://bugilla.redhat.com/show_bug.cgi?id=2144876)
- [cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137667)
- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2143814)
- [ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130019)
- [journald - New role - journald - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165176)
- [logging - [RFE] convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130362)
- [metrics - [RFE] convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133532)
- [nbde_server - [RFE] convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133931)
- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143458)
- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201)
- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856)
- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620)
- [podman - [RFE] role for managing podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2066864)
- [postfix - [RFE] convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130332)
- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2143385)
- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119600)
- [vpn - [RFE] convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130345)
+- [ad_integration - New role - manage AD integration, join to AD domain](https://bugzilla.redhat.com/show_bug.cgi?id=2140795)
+- [cockpit - convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137663)
+- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2140804)
+- [ha_cluster - convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130010)
+- [journald - New role - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165175)
+- [logging - convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130357)
+- [metrics - convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133528)
+- [nbde_server - convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133930)
+- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143768)
+- [network - Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134202)
+- [network - Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133858)
+- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2131293)
+- [podman - New role - manage podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2143427)
+- [postfix - convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130329)
+- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2128843)
+- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119102)
+- [vpn - convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130344)

 ### Bug Fixes

- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167941)
- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153081)
- [ha_cluster - use no_log in tasks looping over pot. secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2127497)
- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2159972)
- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126960)
- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168733)
- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2164879)
- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2143401)
- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153080)
+- [ha_cluster - use no_log in tasks looping over pot. secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2143816)
+- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153030)
+- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167528)
+- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126959)
+- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2162782)
+- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168735)
+- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2160152)
+- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2129401)
+- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153043)

-[1.20.0] - 2022-08-09
+[1.20.1] - 2022-09-27
 ----------------------------

 ### New Features

- [cockpit - Add customization of port](https://bugzilla.redhat.com/show_bug.cgi?id=2115159)
- [firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID](https://bugzilla.redhat.com/show_bug.cgi?id=2100939)
- [firewall - support for firewall_config - gather firewall facts](https://bugzilla.redhat.com/show_bug.cgi?id=2115160)
- [logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs](https://bugzilla.redhat.com/show_bug.cgi?id=2112143)
- [selinux - Added setting of seuser and selevel for completeness](https://bugzilla.redhat.com/show_bug.cgi?id=2115162)
+- [ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles](https://bugzilla.redhat.com/show_bug.cgi?id=2129873)

 ### Bug Fixes

- [nbde_client - Sets proper spacing for parameter rd.neednet=1](https://bugzilla.redhat.com/show_bug.cgi?id=2115161)
- [network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence](https://bugzilla.redhat.com/show_bug.cgi?id=2115884)
- [ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing](https://bugzilla.redhat.com/show_bug.cgi?id=2109997)
- [storage - [RHEL8] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.](https://bugzilla.redhat.com/show_bug.cgi?id=2082391)
+- none
+
+[1.20.0] - 2022-08-05
+----------------------------
+
+### New Features
+
+- [cockpit - Add customization of port](https://bugzilla.redhat.com/show_bug.cgi?id=2115152)
+- [firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID](https://bugzilla.redhat.com/show_bug.cgi?id=2100942)
+- [firewall - support for firewall_config - gather firewall facts](https://bugzilla.redhat.com/show_bug.cgi?id=2115154)
+- [logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs](https://bugzilla.redhat.com/show_bug.cgi?id=2112145)
+- [selinux - Added setting of seuser and selevel for completeness](https://bugzilla.redhat.com/show_bug.cgi?id=2115157)
+
+### Bug Fixes
+
+- [nbde_client - Sets proper spacing for parameter rd.neednet=1](https://bugzilla.redhat.com/show_bug.cgi?id=2115156)
+- [network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence](https://bugzilla.redhat.com/show_bug.cgi?id=2115886)
+- [ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing](https://bugzilla.redhat.com/show_bug.cgi?id=2109998)
+- [storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.](https://bugzilla.redhat.com/show_bug.cgi?id=2082736)

 [1.19.3] - 2022-07-01
 ----------------------------

 ### New Features

- [firewall - support add/modify/delete services](https://bugzilla.redhat.com/show_bug.cgi?id=2100297)
- [network - [RFE] [network] Support managing the network through nmstate schema](https://bugzilla.redhat.com/show_bug.cgi?id=2100979)
- [storage - support for adding/removing disks to/from storage pools](https://bugzilla.redhat.com/show_bug.cgi?id=2066880)
- [storage - support for attaching cache volumes to existing volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2066881)
+- [firewall - support add/modify/delete services](https://bugzilla.redhat.com/show_bug.cgi?id=2100292)
+- [network - [RFE] [network] Support managing the network through nmstate schema](https://bugzilla.redhat.com/show_bug.cgi?id=2072385)
+- [storage - support for adding/removing disks to/from storage pools](https://bugzilla.redhat.com/show_bug.cgi?id=2072742)
+- [storage - support for attaching cache volumes to existing volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2072746)

 ### Bug Fixes

- [firewall - forward_port should accept list of string or list of dict](https://bugzilla.redhat.com/show_bug.cgi?id=2101607)
- [metrics - document minimum supported redis version required by rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=2100285)
- [metrics - restart pmie, pmlogger if changed, do not wait for handler](https://bugzilla.redhat.com/show_bug.cgi?id=2100298)
+- [firewall - forward_port should accept list of string or list of dict](https://bugzilla.redhat.com/show_bug.cgi?id=2100605)
+- [metrics - document minimum supported redis version required by rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=2100286)
+- [metrics - restart pmie, pmlogger if changed, do not wait for handler](https://bugzilla.redhat.com/show_bug.cgi?id=2100294)
+- [storage - [RHEL9] _storage_test_pool_pvs get wrong data type in  test-verify-pool-members.yml](https://bugzilla.redhat.com/show_bug.cgi?id=2044119)

 [1.19.2] - 2022-06-15
 ----------------------------

 ### New Features

- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935)
+- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2052086)

 ### Bug Fixes

@ -197,8 +263,8 @@ Changelog

 ### New Features

- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876)
- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008)
+- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2072745)
+- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2078989)

 ### Bug Fixes

@ -209,55 +275,56 @@ Changelog

 ### New Features

- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876)
- [firewall - state no longer required for masquerade and ICMP block inversion](https://bugzilla.redhat.com/show_bug.cgi?id=2093437)
+- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2072745)
+- [firewall - state no longer required for masquerade and ICMP block inversion](https://bugzilla.redhat.com/show_bug.cgi?id=2093423)

 ### Bug Fixes

- [storage - role raid_level "striped" is not supported](https://bugzilla.redhat.com/show_bug.cgi?id=2083426)
+- [storage - role raid_level "striped" is not supported](https://bugzilla.redhat.com/show_bug.cgi?id=2083410)

-[1.18.0] - 2022-05-26
+[1.18.0] - 2022-05-02
 ----------------------------

 ### New Features

- [firewall - [Improvement] Allow System Role to reset to default Firewalld Settings](https://bugzilla.redhat.com/show_bug.cgi?id=2043009)
- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114)
- [network - Rework the infiniband support](https://bugzilla.redhat.com/show_bug.cgi?id=2086869)
- [sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"](https://bugzilla.redhat.com/show_bug.cgi?id=2086934)
- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935)
+- [firewall - [Improvement] Allow System Role to reset to default Firewalld Settings](https://bugzilla.redhat.com/show_bug.cgi?id=2043010)
+- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2051737)
+- [network - Rework the infiniband support](https://bugzilla.redhat.com/show_bug.cgi?id=2086965)
+- [sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"](https://bugzilla.redhat.com/show_bug.cgi?id=2052081)
+- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2052086)

 ### Bug Fixes

- [storage - role cannot set mount_options for volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2083378)
+- [storage - role cannot set mount_options for volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2083376)

 [1.17.0] - 2022-04-25
 ----------------------------

 ### New Features

- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008)
- [ha_cluster - support advanced corosync configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2065339)
- [ha_cluster - support SBD fencing](https://bugzilla.redhat.com/show_bug.cgi?id=2066868)
- [ha_cluster - add support for configuring bundle resources](https://bugzilla.redhat.com/show_bug.cgi?id=2073518)
- [logging - Logging - RFE - support template, severity and facility options](https://bugzilla.redhat.com/show_bug.cgi?id=2075116)
- [metrics - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065215)
- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114)
- [network - [RFE] Extend rhel-system-roles.network feature set to support routing rules](https://bugzilla.redhat.com/show_bug.cgi?id=1996731)
- [network - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065670)
- [postfix - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065216)
- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065218)
+- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2078989)
+- [ha_cluster - support advanced corosync configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2065337)
+- [ha_cluster - support SBD fencing](https://bugzilla.redhat.com/show_bug.cgi?id=2079626)
+- [ha_cluster - add support for configuring bundle resources](https://bugzilla.redhat.com/show_bug.cgi?id=2073519)
+- [logging - Logging - RFE - support template, severity and facility options](https://bugzilla.redhat.com/show_bug.cgi?id=2075119)
+- [metrics - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065392)
+- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2051737)
+- [network - [RFE] Extend rhel-system-roles.network feature set to support routing rules](https://bugzilla.redhat.com/show_bug.cgi?id=2079622)
+- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065383)
+- [storage - RFE storage Less verbosity by default](https://bugzilla.redhat.com/show_bug.cgi?id=2079627)

 ### Bug Fixes

- [firewall - Firewall system role Ansible deprecation warning related to "include"](https://bugzilla.redhat.com/show_bug.cgi?id=2078650)
- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060378)
- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060377)
- [nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2071011)
- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064067)
- [sshd - FIPS mode detection in SSHD role is wrong](https://bugzilla.redhat.com/show_bug.cgi?id=2075338)
- [storage - RFE storage Less verbosity by default](https://bugzilla.redhat.com/show_bug.cgi?id=2056480)
- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749)
+- [firewall - Firewall system role Ansible deprecation warning related to "include"](https://bugzilla.redhat.com/show_bug.cgi?id=2061511)
+- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts](https://bugzilla.redhat.com/show_bug.cgi?id=2060525)
+- [logging - tests fail during cleanup if no cloud-init on system](https://bugzilla.redhat.com/show_bug.cgi?id=2058799)
+- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2060523)
+- [nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2070462)
+- [network - bond: fix typo in supporting the infiniband ports in active-backup mode [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065394)
+- [network - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065382)
+- [postfix - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065393)
+- [sshd - FIPS mode detection in SSHD role is wrong](https://bugzilla.redhat.com/show_bug.cgi?id=2073605)
+- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2071804)

 [1.16.3] - 2022-04-07
 ----------------------------
@ -330,7 +397,7 @@ Changelog
 - [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2058655)
 - [firewall - ensure target changes take effect immediately](https://bugzilla.redhat.com/show_bug.cgi?id=2057172)

-[1.14.0] - 2022-02-14
+[1.14.0] - 2022-02-21
 ----------------------------

 ### New Features
@ -344,19 +411,7 @@ Changelog

 - [ha_cluster - set permissions for haclient group](https://bugzilla.redhat.com/show_bug.cgi?id=2049747)

-[1.13.1] - 2022-02-08
----------------------------
-
-### New Features
-
- none
-
-### Bug Fixes
-
- [vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'](https://bugzilla.redhat.com/show_bug.cgi?id=2050341)
- [kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.](https://bugzilla.redhat.com/show_bug.cgi?id=2052105)
-
-[1.13.0] - 2022-02-01
+[1.13.0] - 2022-02-14
 ----------------------------

 ### New Features
@ -373,7 +428,7 @@ Changelog
 - [network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection](https://bugzilla.redhat.com/show_bug.cgi?id=2034908)
 - [network - Set DNS search setting only for enabled IP protocols](https://bugzilla.redhat.com/show_bug.cgi?id=2041627)

-[1.12.0] - 2022-01-27
+[1.12.1] - 2022-02-08
 ----------------------------

 ### New Features
@ -382,6 +437,18 @@ Changelog

 ### Bug Fixes

+- [vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'](https://bugzilla.redhat.com/show_bug.cgi?id=2050341)
+- [kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.](https://bugzilla.redhat.com/show_bug.cgi?id=2052105)
+
+[1.12.0] - 2022-02-03
+----------------------------
+
+### New Features
+
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+
+### Bug Fixes
+
 - [logging - Logging role "logging_purge_confs" option not properly working](https://bugzilla.redhat.com/show_bug.cgi?id=2040812)
 - [kernel_settings - role should use ansible_managed in its configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=2047504)

@ -426,7 +493,18 @@ Changelog
 - [nbde_client - add regenerate-all to the dracut command](https://bugzilla.redhat.com/show_bug.cgi?id=2021682)
 - [certificate - certificates: "group" option keeps certificates inaccessible to the group](https://bugzilla.redhat.com/show_bug.cgi?id=2021683)

-[1.7.3] - 2021-08-26
+[1.9.0] - 2021-10-26
+----------------------------
+
+### New Features
+
+- [logging - [RFE]  logging - Add user and password](https://bugzilla.redhat.com/show_bug.cgi?id=1990490)
+
+### Bug Fixes
+
+- [Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`](https://bugzilla.redhat.com/show_bug.cgi?id=2006230)
+
+[1.8.3] - 2021-08-26
 ----------------------------

 ### New Features
@ -437,7 +515,7 @@ Changelog

 - none

-[1.7.2] - 2021-08-24
+[1.8.2] - 2021-08-24
 ----------------------------

 ### New Features
@ -448,7 +526,7 @@ Changelog

 - [logging - Update the certificates copy tasks](https://bugzilla.redhat.com/show_bug.cgi?id=1996777)

-[1.7.1] - 2021-08-16
+[1.8.1] - 2021-08-16
 ----------------------------

 ### New Features
@ -459,7 +537,7 @@ Changelog

 - [metrics - role: the bpftrace role does not properly configure bpftrace agent](https://bugzilla.redhat.com/show_bug.cgi?id=1994180)

-[1.7.0] - 2021-08-12
+[1.8.0] - 2021-08-12
 ----------------------------

 ### New Features
@ -470,7 +548,7 @@ Changelog

 - [sshd - sshd: failed to validate: error:Missing Match criteria for all Bad Match condition](https://bugzilla.redhat.com/show_bug.cgi?id=1991598)

-[1.6.6] - 2021-08-06
+[1.7.5] - 2021-08-10
 ----------------------------

 ### New Features
@ -481,7 +559,7 @@ Changelog

 - none

-[1.6.2] - 2021-07-30
+[1.7.4] - 2021-08-06
 ----------------------------

 ### New Features
@ -492,18 +570,19 @@ Changelog

 - [metrics - role: Grafana dashboard not working after metrics role run unless services manually restarted](https://bugzilla.redhat.com/show_bug.cgi?id=1984150)

-[1.6.0] - 2021-07-28
+[1.7.0] - 2021-07-28
 ----------------------------

 ### New Features

+- [logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output](https://bugzilla.redhat.com/show_bug.cgi?id=1986460)
 - [storage - [RFE] storage: support volume sizes as a percentage of pool](https://bugzilla.redhat.com/show_bug.cgi?id=1984583)

 ### Bug Fixes

 - none

-[1.5.0] - 2021-07-15
+[1.6.0] - 2021-07-15
 ----------------------------

 ### New Features
@ -514,7 +593,7 @@ Changelog

 - none

-[1.4.3] - 2021-07-15
+[1.5.0] - 2021-07-15
 ----------------------------

 ### New Features
@ -545,7 +624,7 @@ Changelog

 ### Bug Fixes

- [network - Re-running the network system role results in "changed: true" when nothing has actually changed](https://bugzilla.redhat.com/show_bug.cgi?id=1943384)
+- [network - Re-running the network system role results in "changed: true" when nothing has actually changed](https://bugzilla.redhat.com/show_bug.cgi?id=1980871)

 [1.4.0] - 2021-07-08
 ----------------------------
@ -563,19 +642,17 @@ Changelog

 ### New Features

- [ha_cluster - RFE: add pacemaker resources configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1963283)
- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
- [sshd - RFE: sshd - support for appending a snippet to configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=1970642)
- [timesync - RFE: timesync support for Network Time Security (NTS)](https://bugzilla.redhat.com/show_bug.cgi?id=1970664)
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1978488)
+- [sshd - RFE: sshd - support for appending a snippet to configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=1978752)
+- [timesync - RFE: timesync support for Network Time Security (NTS)](https://bugzilla.redhat.com/show_bug.cgi?id=1978753)

 ### Bug Fixes

- [postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section](https://bugzilla.redhat.com/show_bug.cgi?id=1961858)
- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1960375)
- [selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8](https://bugzilla.redhat.com/show_bug.cgi?id=1966681)
- [metrics - role task to enable logging for targeted hosts not working](https://bugzilla.redhat.com/show_bug.cgi?id=1967335)
- [sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode](https://bugzilla.redhat.com/show_bug.cgi?id=1966711)
+- [postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section](https://bugzilla.redhat.com/show_bug.cgi?id=1978734)
+- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1978760)
+- [selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8](https://bugzilla.redhat.com/show_bug.cgi?id=1978740)
+- [metrics - role task to enable logging for targeted hosts not working](https://bugzilla.redhat.com/show_bug.cgi?id=1978746)
+- [sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode](https://bugzilla.redhat.com/show_bug.cgi?id=1978745)

 [1.2.3] - 2021-06-17
 ----------------------------
@ -593,12 +670,11 @@ Changelog

 ### New Features

- [timesync - Add hybrid_e2e option to PTP domain](https://bugzilla.redhat.com/show_bug.cgi?id=1957849)
+- none

 ### Bug Fixes

 - [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
- [ha_cluster - cannot read preshared key in binary format](https://bugzilla.redhat.com/show_bug.cgi?id=1952620)

 [1.2.1] - 2021-05-21
 ----------------------------
@ -611,7 +687,7 @@ Changelog

 - [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)

-[1.2.0] - 2021-05-17
+[1.2.0] - 2021-05-21
 ----------------------------

 ### New Features
@ -620,9 +696,11 @@ Changelog

 ### Bug Fixes

+- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1960375)
 - [postfix - postfix: Use FQRN in README](https://bugzilla.redhat.com/show_bug.cgi?id=1958963)
 - [postfix - Documentation error in rhel-system-roles postfix readme file](https://bugzilla.redhat.com/show_bug.cgi?id=1866544)
 - [storage - storage: calltrace observed when set type: partition for storage_pools](https://bugzilla.redhat.com/show_bug.cgi?id=1854187)
+- [ha_cluster - cannot read preshared key in binary format](https://bugzilla.redhat.com/show_bug.cgi?id=1952620)

 [1.1.0] - 2021-05-13
 ----------------------------
@ -642,61 +720,6 @@ Changelog
 - [timesync - do not use ignore_errors in timesync role](https://bugzilla.redhat.com/show_bug.cgi?id=1938014)
 - [selinux - rhel-system-roles should not reload the SELinux policy if its not changed](https://bugzilla.redhat.com/show_bug.cgi?id=1757869)

-[1.0.0] - 2021-02-23
----------------------------
-
-### New Features
-
- [network - RFE: [network] Support of DNS with options](https://bugzilla.redhat.com/show_bug.cgi?id=1893959)
- [network - RFE: [network] Embrace Inclusive language](https://bugzilla.redhat.com/show_bug.cgi?id=1893957)
- [ssh - [8.4] [RFE] Release Ansible role for ssh client in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893712)
- [clusterha - [8.4] [RFE] Release Ansible role for cluster HA in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893743)
- [logging - Logging - Support RELP secure transport in the logging role configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1889484)
- [metrics - [8.4] [RFE] add exporting-metric-data-to-elasticsearch functionality in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1895188)
- [metrics - release SQL server configuration support in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1893908)
- [[8.4] Package rhel-system-roles in the collection format in addition to the legacy role format](https://bugzilla.redhat.com/show_bug.cgi?id=1893906)
-
-### Bug Fixes
-
- [logging - Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.](https://bugzilla.redhat.com/show_bug.cgi?id=1927943)
- [storage - storage: omitted parameters on existing pool/volume is interpreted as "use the default"](https://bugzilla.redhat.com/show_bug.cgi?id=1894651)
- [storage - storage: must list disks in order to identify an existing pool](https://bugzilla.redhat.com/show_bug.cgi?id=1894676)
- [storage - storage: pool metadata usage must be accounted for by the user](https://bugzilla.redhat.com/show_bug.cgi?id=1894647)
- [selinux - Merged fix incorrect default value (there is no variable named "present")](https://bugzilla.redhat.com/show_bug.cgi?id=1926947)
- [storage - storage: tests_luks.yml partition case failed with nvme disk](https://bugzilla.redhat.com/show_bug.cgi?id=1865990)
-
-[1.0] - 2021-01-15
----------------------------
-
-### New Features
-
- [tlog - Add exclude_users and exclude_groups support](https://bugzilla.redhat.com/show_bug.cgi?id=1895472)
- [crypto_policies - [8.4] [RFE] Release Ansible role for crypto policies in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893699)
- [sshd - [8.4] [RFE] Release Ansible role for sshd in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893696)
- [metrics - role should automate the setup of Grafana datasources](https://bugzilla.redhat.com/show_bug.cgi?id=1855544)
- [network role: Support -K|--features|--offload ethtool options](https://bugzilla.redhat.com/show_bug.cgi?id=1696703)
- [network role: Atomic changes](https://bugzilla.redhat.com/show_bug.cgi?id=1695161)
-
-### Bug Fixes
-
- [storage - safe mode of storage role does not prevent accidentally losing data when toggling encryption on a volume, disk or pool](https://bugzilla.redhat.com/show_bug.cgi?id=1881524)
- [storage - storage: ext2/3/4 resize function doesn't work](https://bugzilla.redhat.com/show_bug.cgi?id=1862867)
- [logging - [logging role] cannot setup machine with tls](https://bugzilla.redhat.com/show_bug.cgi?id=1861318)
- [certificate - role: The role is not idempotent in rhel7](https://bugzilla.redhat.com/show_bug.cgi?id=1859547)
- [logging - Logging - Bug fixes](https://bugzilla.redhat.com/show_bug.cgi?id=1854546)
- [logging - [logging role] support scenario for client without key/cert, just CA cert](https://bugzilla.redhat.com/show_bug.cgi?id=1860896)
- [metrics - role incorrectly sets up multiple primary pmie processes in multi-host mode](https://bugzilla.redhat.com/show_bug.cgi?id=1855539)
- [certificate - role cannot manage EL7 hosts](https://bugzilla.redhat.com/show_bug.cgi?id=1848745)
- [network - [network] Support state:down persistent_state:absent for non-existent profile](https://bugzilla.redhat.com/show_bug.cgi?id=1822777)
- [network - Creating active bonded interface fails with the initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=1848472)
- [logging - Logging role had performance issues](https://bugzilla.redhat.com/show_bug.cgi?id=1848762)
- [certificate - role does not work on controller hosts which use jinja2 2.10](https://bugzilla.redhat.com/show_bug.cgi?id=1848742)
- [nbde_client - fix idempotency, check_mode issues with nbde_client role](https://bugzilla.redhat.com/show_bug.cgi?id=1848766)
- [storage - Storage role can remove existing filesystems and volume groups without warning](https://bugzilla.redhat.com/show_bug.cgi?id=1763242)
- [network role: Minimize service disruption](https://bugzilla.redhat.com/show_bug.cgi?id=1695157)
- [typo in selinux/tests/tests_selinux_disabled.yml: Invalid options for assert: mgs](https://bugzilla.redhat.com/show_bug.cgi?id=1677743)
- [Check mode problems in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1685904)
-
 [0.6] - 2018-05-11
 ----------------------------

--- a/SOURCES/CHANGELOG.rst
+++ b/SOURCES/CHANGELOG.rst
--- a/SOURCES/ansible-packaging.inc
+++ b/SOURCES/ansible-packaging.inc
--- a/SOURCES/collection_readme.sh
+++ b/SOURCES/collection_readme.sh
--- a/SOURCES/extrasources.inc
+++ b/SOURCES/extrasources.inc
@ -1,10 +1,10 @@
 Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
-Source901: https://galaxy.ansible.com/download/community-general-8.3.0.tar.gz
-Source902: https://galaxy.ansible.com/download/containers-podman-1.12.0.tar.gz
+Source901: https://galaxy.ansible.com/download/community-general-9.3.0.tar.gz
+Source902: https://galaxy.ansible.com/download/containers-podman-1.15.4.tar.gz

 Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
-Provides: bundled(ansible-collection(community.general)) = 8.3.0
-Provides: bundled(ansible-collection(containers.podman)) = 1.12.0
+Provides: bundled(ansible-collection(community.general)) = 9.3.0
+Provides: bundled(ansible-collection(containers.podman)) = 1.15.4

 Source996: CHANGELOG.rst
 Source998: collection_readme.sh
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,7 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+
--- a/SPECS/rhel-system-roles.spec
+++ b/SPECS/rhel-system-roles.spec
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -0,0 +1,2 @@
+inspections:
+  specname: off
--- a/36
+++ b/36
@ -0,0 +1,36 @@
+SHA512 (ad_integration-1.4.6.tar.gz) = 3f097b0a4b24488ee5eee64dfd88dbff48deb871dbb9734601331737fe67b147a17fd771c21fd43c539079b5bb3a7c8246063d8f7084338ea640bcd826ffd634
+SHA512 (ansible-posix-1.5.4.tar.gz) = 63321c2b439bb2c707c5bea2fba61eaefecb0ce1c832c4cfc8ee8bb89448c8af10e447bf580e8ae6d325c0b5891b609683ff2ba46b78040e2c4d3d8b6bdcd724
+SHA512 (ansible-sshd-v0.25.0.tar.gz) = bf789bd8b1ff34208220ef6b2865286c7a7fdfd0f7e11586cb69c328108348b4c3c91d759d0d3a268bc8ddbb5fd9797ab3b4cf86d6ca8f8cd32106b7890ae962
+SHA512 (auto-maintenance-1.88.9.tar.gz) = c20a656ec9d2b35ad4c597986a72935bf6c0abb030f23344529eaa1c857424df05751b0971174d72c06edc76571e5e58cd25553a5b373649f9427a067c1334d3
+SHA512 (bootloader-1.0.7.tar.gz) = d3d08c64596f63fb9336673a4b16e6ecf8a283ed53d945e0673d166217315bc6cf367d3c559eb7624ac57b480c106bbbb114e5cc17a413d3e36c4c0a813b05cc
+SHA512 (certificate-1.3.6.tar.gz) = 85c3f7bd39e06f63f29caa50276c2c883e904c411ca22873df408353d744b85696a68482227cebfdd3e33848d5185d3b6a5a4c4e7a0b40b63634177b430bd5a8
+SHA512 (cockpit-1.5.10.tar.gz) = 8940d819dfebdc1dc0b7ae163306cc8d1da9db43a96754db8bdfdb51a7801e9da523b94684b7f4b0d8da7d3e0103f2ee718d82d02b033c67551e418d031c60fd
+SHA512 (community-general-9.3.0.tar.gz) = d8f6371d0aaee993478c42aec9dea2617a4b8157fc786fe585648398ecd9cc856ea5d7230c5080ce19b41e0cadfffcb81e0ee526dfd806e68b4e178ac4273aa5
+SHA512 (containers-podman-1.15.4.tar.gz) = 9476f4455be26c926b8e74889b517bdd4f99ccb2bc80f87f1732ba163286ef70e38fc729865674490f157b180f21cb53ef5e056d25d12901fadf74b69be40afc
+SHA512 (crypto_policies-1.4.0.tar.gz) = f09245aac319ea28b9548c8c4d7fe37721bd74609b3ead8456a7409488c98bb3c5a3c31a0da4b63929885d30fec2577f261fe7532cf31ba85faa094e43175a1c
+SHA512 (fapolicyd-1.1.7.tar.gz) = 37a1885ce0cd85bb221d32ea419e4312f4382ea49b05f72fd683a20ac787861a8758ab3c2b6691a42c8943adacf1453c6144e78f200632ddc8ed86368285a565
+SHA512 (firewall-1.8.0.tar.gz) = 17e7fc1d8541f80c1294f39f8f1bc8f89c3275767e1dca423e6d77ab6b0d79c3b4b5df334824b657b486f1d5eb3615318ea23ba1beeed32286f4e5c4a4d46acb
+SHA512 (gfs2-1.0.0.tar.gz) = 16fc72b78f8b6ec1784734a8f0320955c692f5031cad079203f9839f9ac6af4c90902de9321c41c3e6e8a9fa8fdb2a6518805688898d985cc0e303007b1154f1
+SHA512 (ha_cluster-1.19.2.tar.gz) = f2e3e5772b36036c7c667c2a51051e70e764010f546ddd69c90979ff0f06b1758a30f7c9d64105350ec640739360551825b1fc1da1baf779d0c923b28904c903
+SHA512 (journald-1.3.3.tar.gz) = 810e0ea37de83e44ca2b1a763c884f4e188a825f4fa44f0eb6199baef54364ec1e62f352affca4e2604eaa1aee4edda5a01a8912eebf35a2cbee45b27e1aa0ae
+SHA512 (kdump-1.4.7.tar.gz) = f957d96d747b4a5405b48254627b5d8143b583cac8bd06f96c5b6701e4a9f29c47a2a29154ba8505ee5f78258688dcfb7599379ae686edbe911f7f103d1d4b10
+SHA512 (kernel_settings-1.3.2.tar.gz) = 96e74e6f8b7b71707ac34094e9161c0239028c5c86bf010e1a5250ca113235bac2555ee7ae4c1a9b600c685aece3c047186451c431dbe17c91d9e2ca32cadacd
+SHA512 (keylime_server-1.1.5.tar.gz) = e42d401e8366e4bc7ba89e72f459c0be002b31d2ea401726d3e0249676155f40d268bdfdff9e12f827f9771af9b3c68a5d2084ff6de85aa5d8561bbf61a2be42
+SHA512 (logging-1.13.4.tar.gz) = bb85e02d7b44fa074f9c3b1d2da7e732ed00f09aa299de653f14451e17316a231e084c5092786c5b2d7b981539adff6e1ed114c6f93da668c0e3c52f0d0e07c3
+SHA512 (metrics-1.10.6.tar.gz) = 7ef721075ce39f6f1e9df5427fd41614ed214032b699ac1b89c17d7376795fda5f46a3df2389bee169a622c9adad83bc032d9387eb2fe1421feed20e502f62c3
+SHA512 (nbde_client-1.3.0.tar.gz) = 3c7681bb7d564aff1ecf6b24c6933a22185fd6f0bc207f572104270468ec274cfa66bb69f4db06d8d6b6403379b06187f38344aee5810a565027970aa3185079
+SHA512 (nbde_server-1.4.7.tar.gz) = da2b7902aad55f651af806e791a9a55aabbaf31ef9bfb2eaf6e8c085cece804b35b893b6c3f5718c6bc05b25ed99b987d57c8befe64034012d807f5f05119f44
+SHA512 (network-1.16.4.tar.gz) = 21770c64a313ea6751c0ac13e385ecd28f23bbf5b7f5d1b0bd374bd3be4f6453aa5afa163282eee36595af91bfb8967414e18760b5131392c0fe7376064de13b
+SHA512 (podman-1.6.4.tar.gz) = beec0c42c17e8cfff1080ac26786a91cd021667c5631d7291779c0347f19d9eccc92ffef55412cfddd692c87bd4eb49ed96eff611b004dedce521d1ac41174b2
+SHA512 (postfix-1.5.1.tar.gz) = 494083a1ff346a7785517646fa51b14e112d2cc3f020f7f3c968bff741c96be5b7e2e3395f3c6a98feabd193d2f6c02f4417f081920ef4de068598de8f1bfbd6
+SHA512 (postgresql-1.3.8.tar.gz) = ce6aad163f10dd84d5bfcac90b5f10a3bcc350f5baac5b75e7bfffc2e5d88ddac5a62bc1b099743f6a54fe8cd7342c1071803c4113917a4b112c2d1c97bcd4c8
+SHA512 (rhc-1.6.6.tar.gz) = bb38c72f3d82eaf86c526e435c9d0d0bbed62ab8ff5c2f03be256fa88bbba4200f5bb8395bfdcbf38244901c2d4fa10dfc0f8905c677d478d7983535fdf7ca83
+SHA512 (selinux-1.8.0.tar.gz) = 32e00afb75724ae1d68143f5da1edc30bb8efa2d3ad0b9a2f3ad8edda06584c2c3587cfac15e91a5b446c4408d9875f037d661b8db77b8af5ee86ad893e0a5b8
+SHA512 (snapshot-1.4.1.tar.gz) = 1227b6be2af5307dd01951e306a98eabfe14e3428282375d7c180327ae5d31cf2980ec1e829f1c2f12e625ac0647b65169f1d55262ef92ad592b75728ba7fa9e
+SHA512 (ssh-1.5.0.tar.gz) = f4aa81ba150eda463a9f2c72ec08a10938d3df9873d653f0877d6025bc6ed70c6f951dac8b7529107944ba4ff5f8906894826815fee58b5fa4043ac0a2bb10b8
+SHA512 (storage-1.18.7.tar.gz) = 8b15fc7f92855de0f18f73a3dda3ecdc32c30f114f2cd04ea1d56ba52074c9cd90d0eb37f4e78ac06837241361e950d905634219ab628b14c62a7856a05ae8b4
+SHA512 (sudo-1.1.0.tar.gz) = d197220059f9edd941dbcfc9f9574660d1d1222ade3c90e60fbdae1087fc47318c7b50571bd03f80f6cd24dca94c4462d4f78495f36119efc93e08e6e1a276ee
+SHA512 (systemd-1.2.0.tar.gz) = 0ab5c4795c03638bee45b6812db0219b8c5af72654b4c3dedd66232c046dd121f9569aa1aef39cb85f7818917a8de0619c399b5b97a97ee39d2699ae58d14bfa
+SHA512 (timesync-1.9.0.tar.gz) = 99ced1c244e3f64b618fb1913e0fdbcb0b44583114d32a747a9723fa88ee837b624e8a2fc00a66e4faa5c4e476d8a74ece4e89361c3122622b01c6bc073db4d5
+SHA512 (tlog-1.3.6.tar.gz) = c43657c03189cabc6f729c5620c59b518447e9120ac7b3cec67de7f754284fe48e2f66c7cf8b85f355187db53ab4cbdb7c812c4f072241b524235b91b863b8ed
+SHA512 (vpn-1.6.6.tar.gz) = f0243538cf1ec1961203e527809375daea6c0ecfb79a62af78547cd9fe6787ab1eec8563f32eb7c96345e5c60d1bf573716e10aad9f68542374da120e40d72a6
--- a/SOURCES/vendoring-build.inc
+++ b/SOURCES/vendoring-build.inc
@ -22,8 +22,37 @@ declare -A plugin_map=(
  [containers/podman/plugins/modules/podman_play.py]=podman
  [containers/podman/plugins/modules/podman_secret.py]=podman
  [containers/podman/plugins/module_utils/podman/common.py]=podman
+  [containers/podman/plugins/module_utils/podman/quadlet.py]=podman
 )

+# fix the following issue
+# ERROR: Found 1 pylint issue(s) which need to be resolved:
+# ERROR: plugins/modules/rhsm_repository.py:263:8: wrong-collection-deprecated: Wrong collection name ('community.general') found in call to Display.deprecated or AnsibleModule.deprecate
+sed "s/collection_name='community.general'/collection_name='%{collection_namespace}.%{collection_name}'/" \
+  -i .external/community/general/plugins/modules/rhsm_repository.py
+
+fix_module_documentation() {
+  local module_src doc_fragment_name df_dest_dir
+  local -a paths
+  module_src=".external/$1"
+  sed ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- "WARNING: Do not use this plugin directly! It is only for role internal use."\n\1/' \
+    -i "$module_src"
+  # grab documentation fragments
+  for doc_fragment_name in $(awk -F'[ -]+' '/^extends_documentation_fragment:/ {reading = 1; next}; /^[ -]/ {if (reading) {print $2}; next}; /^[^ -]/ {if (reading) {exit}}' "$module_src"); do
+    if [ "$doc_fragment_name" = files ]; then continue; fi  # this one is built-in
+    df_dest_dir="%{collection_build_path}/plugins/doc_fragments"
+    if [ ! -d "$df_dest_dir" ]; then
+      mkdir -p "$df_dest_dir"
+    fi
+    paths=(${doc_fragment_name//./ })
+    # if we ever have two different collections that have the same doc_fragment name
+    # with different contents, we will be in trouble . . .
+    # will have to make the doc fragment files unique, then edit $dest to use
+    # the unique name
+    cp ".external/${paths[0]}/${paths[1]}/plugins/doc_fragments/${paths[2]}.py" "$df_dest_dir"
+  done
+}
+
 declare -a modules mod_utils collection_plugins
 declare -A dests
 # vendor in plugin files - fix documentation, fragments
@ -31,9 +60,12 @@ for src in "${!plugin_map[@]}"; do
  roles="${plugin_map["$src"]}"
  if [ "$roles" = __collection ]; then
    collection_plugins+=("$src")
+    case "$src" in
+    */plugins/modules/*) fix_module_documentation "$src";;
+    esac
  else
    case "$src" in
-    */plugins/modules/*) srcdir=plugins/modules; subdir=library; modules+=("$src") ;;
+    */plugins/modules/*) srcdir=plugins/modules; subdir=library; modules+=("$src"); fix_module_documentation "$src";;
    */plugins/module_utils/*) srcdir=plugins/module_utils; mod_utils+=("$src") ;;
    */plugins/action/*) srcdir=plugins/action ;;
    esac
@ -54,9 +86,6 @@ for src in "${!plugin_map[@]}"; do
      mkdir -p "$destdir"
    fi
    cp -pL ".external/$src" "$dest"
-    sed -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this plugin directly! It is only for role internal use.\n\1/' \
-      -e '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' \
-      -i "$dest"
  done
 done

@ -92,11 +121,32 @@ done
 # for podman, change the FQCN - using a non-FQCN module name doesn't seem to work,
 # even for the legacy role format
 for rolename in %{rolenames}; do
-    find "$rolename" -type f -exec \
-         sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
-             -e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
-             -e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
-             -e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
-             -e "s/ansible[.]posix[.]/%{collection_namespace}.%{collection_name}./g" \
-             -i {} \;
+  find "$rolename" -type f -exec \
+    sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
+        -e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
+        -e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
+        -e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
+        -e "s/ansible[.]posix[.]/%{collection_namespace}.%{collection_name}./g" \
+        -i {} \;
+done
+
+# add ansible-test ignores needed due to vendoring
+for ansible_ver in 2.14 2.15 2.16; do
+  ignore_file="podman/.sanity-ansible-ignore-${ansible_ver}.txt"
+  cat >> "$ignore_file" <<EOF
+plugins/module_utils/podman_lsr/podman/quadlet.py compile-2.7!skip
+plugins/module_utils/podman_lsr/podman/quadlet.py import-2.7!skip
+plugins/modules/podman_image.py import-2.7!skip
+plugins/modules/podman_play.py import-2.7!skip
+EOF
+done
+# these platforms still use python 3.5
+for ansible_ver in 2.14 2.15; do
+  ignore_file="podman/.sanity-ansible-ignore-${ansible_ver}.txt"
+  cat >> "$ignore_file" <<EOF
+plugins/module_utils/podman_lsr/podman/quadlet.py compile-3.5!skip
+plugins/module_utils/podman_lsr/podman/quadlet.py import-3.5!skip
+plugins/modules/podman_image.py import-3.5!skip
+plugins/modules/podman_play.py import-3.5!skip
+EOF
 done
--- a/SOURCES/vendoring-prep.inc
+++ b/SOURCES/vendoring-prep.inc