Compare commits
No commits in common. "c8" and "imports/c8s/rhel-system-roles-1.20.1-1.el8" have entirely different histories.
c8
...
imports/c8
57
.gitignore
vendored
57
.gitignore
vendored
@ -1,34 +1,23 @@
|
||||
SOURCES/ad_integration-1.4.2.tar.gz
|
||||
SOURCES/ansible-posix-1.5.4.tar.gz
|
||||
SOURCES/ansible-sshd-v0.23.2.tar.gz
|
||||
SOURCES/auto-maintenance-11ad785c9bb72611244e7909450ca4247e12db4d.tar.gz
|
||||
SOURCES/bootloader-1.0.3.tar.gz
|
||||
SOURCES/certificate-1.3.3.tar.gz
|
||||
SOURCES/cockpit-1.5.5.tar.gz
|
||||
SOURCES/community-general-8.3.0.tar.gz
|
||||
SOURCES/containers-podman-1.12.0.tar.gz
|
||||
SOURCES/crypto_policies-1.3.2.tar.gz
|
||||
SOURCES/fapolicyd-1.1.1.tar.gz
|
||||
SOURCES/firewall-1.7.4.tar.gz
|
||||
SOURCES/ha_cluster-1.14.0.tar.gz
|
||||
SOURCES/journald-1.2.3.tar.gz
|
||||
SOURCES/kdump-1.4.4.tar.gz
|
||||
SOURCES/kernel_settings-1.2.2.tar.gz
|
||||
SOURCES/keylime_server-1.1.2.tar.gz
|
||||
SOURCES/logging-1.12.4.tar.gz
|
||||
SOURCES/metrics-1.10.1.tar.gz
|
||||
SOURCES/nbde_client-1.2.17.tar.gz
|
||||
SOURCES/nbde_server-1.4.3.tar.gz
|
||||
SOURCES/network-1.15.1.tar.gz
|
||||
SOURCES/podman-1.4.7.tar.gz
|
||||
SOURCES/postfix-1.4.3.tar.gz
|
||||
SOURCES/postgresql-1.3.5.tar.gz
|
||||
SOURCES/rhc-1.6.0.tar.gz
|
||||
SOURCES/selinux-1.7.4.tar.gz
|
||||
SOURCES/snapshot-1.3.1.tar.gz
|
||||
SOURCES/ssh-1.3.2.tar.gz
|
||||
SOURCES/storage-1.16.2.tar.gz
|
||||
SOURCES/systemd-1.1.2.tar.gz
|
||||
SOURCES/timesync-1.8.2.tar.gz
|
||||
SOURCES/tlog-1.3.3.tar.gz
|
||||
SOURCES/vpn-1.6.3.tar.gz
|
||||
SOURCES/ansible-posix-1.4.0.tar.gz
|
||||
SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz
|
||||
SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz
|
||||
SOURCES/certificate-1.1.6.tar.gz
|
||||
SOURCES/cockpit-1.3.0.tar.gz
|
||||
SOURCES/community-general-5.4.0.tar.gz
|
||||
SOURCES/crypto_policies-1.2.6.tar.gz
|
||||
SOURCES/firewall-1.4.0.tar.gz
|
||||
SOURCES/ha_cluster-1.7.4.tar.gz
|
||||
SOURCES/kdump-1.2.5.tar.gz
|
||||
SOURCES/kernel_settings-1.1.10.tar.gz
|
||||
SOURCES/logging-1.10.0.tar.gz
|
||||
SOURCES/metrics-1.7.3.tar.gz
|
||||
SOURCES/nbde_client-1.2.6.tar.gz
|
||||
SOURCES/nbde_server-1.1.5.tar.gz
|
||||
SOURCES/network-1.9.1.tar.gz
|
||||
SOURCES/postfix-1.2.4.tar.gz
|
||||
SOURCES/selinux-1.4.0.tar.gz
|
||||
SOURCES/ssh-1.1.9.tar.gz
|
||||
SOURCES/storage-1.9.1.tar.gz
|
||||
SOURCES/timesync-1.6.9.tar.gz
|
||||
SOURCES/tlog-1.2.9.tar.gz
|
||||
SOURCES/vpn-1.3.5.tar.gz
|
||||
|
23
.rhel-system-roles.metadata
Normal file
23
.rhel-system-roles.metadata
Normal file
@ -0,0 +1,23 @@
|
||||
bca451fd997be80be30f106e49f1bf550d2e609c SOURCES/ansible-posix-1.4.0.tar.gz
|
||||
c47e62ecf6502d952378206626ba66e456a73513 SOURCES/ansible-sshd-9766d9097a87a130d4c8abde2247aaad5c925ecf.tar.gz
|
||||
453a44d1259addc4f702ea79da7b810b420e21f1 SOURCES/auto-maintenance-c22eff88d40972158cd5c413b7468b4e904cc76c.tar.gz
|
||||
25e2045c8fc9d6455d7c5b0c7d32d4976ebc5178 SOURCES/certificate-1.1.6.tar.gz
|
||||
77b34cce8b416fec3a50900b47cbe6b8216e3036 SOURCES/cockpit-1.3.0.tar.gz
|
||||
58f117fafe36a19425b3a9bc0ba69f33e5fa81ee SOURCES/community-general-5.4.0.tar.gz
|
||||
56bc0763e0b549c3499a80e95d0953ee6769136a SOURCES/crypto_policies-1.2.6.tar.gz
|
||||
4ee58deb2a514edd81dbcc56508be4ca9fd49089 SOURCES/firewall-1.4.0.tar.gz
|
||||
6ac7fbfa996fd4425415601d28e5b7b0790682ae SOURCES/ha_cluster-1.7.4.tar.gz
|
||||
6ae0614d51db00957943fad6967674c0de88862c SOURCES/kdump-1.2.5.tar.gz
|
||||
17f28f701d7842499b232a7b28daae5f51ea631b SOURCES/kernel_settings-1.1.10.tar.gz
|
||||
042ba1183db4d36742a21c92111d68415c7c951a SOURCES/logging-1.10.0.tar.gz
|
||||
4ebbf457b9f0d767d19b7ef322b848e5e4da50ef SOURCES/metrics-1.7.3.tar.gz
|
||||
80baf489aea9052ad11c84df7a6adfca75ce7a7b SOURCES/nbde_client-1.2.6.tar.gz
|
||||
2e2ad1b455da8c0a198524a08ffe16f2c954f131 SOURCES/nbde_server-1.1.5.tar.gz
|
||||
cb01d5d59afdf4f514de5fda2220ea8271ecb699 SOURCES/network-1.9.1.tar.gz
|
||||
4a31ac4e7d4de65c2a74cfc6f3c4ff852d5a578c SOURCES/postfix-1.2.4.tar.gz
|
||||
a54aee1fa1b0ee023e4168d0abe880ad6ea64dcb SOURCES/selinux-1.4.0.tar.gz
|
||||
fcdbd369bcc41df028f842e49ebff28370d3adb4 SOURCES/ssh-1.1.9.tar.gz
|
||||
10b9bf8f3b16fc99d6070af6dbf82f9f889a8ff6 SOURCES/storage-1.9.1.tar.gz
|
||||
c0af2701a0f8db1d721bf6df4ba257888be0fe87 SOURCES/timesync-1.6.9.tar.gz
|
||||
53fd0059c1da4c42228a9c0df592a96cd5a5060f SOURCES/tlog-1.2.9.tar.gz
|
||||
ec3e9a88af360861ea3ef4be92fbb6776690272d SOURCES/vpn-1.3.5.tar.gz
|
@ -0,0 +1,79 @@
|
||||
From 1bda31d2d07ed9042b09b0596904dd4f317d8f48 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Mon, 26 Sep 2022 20:20:47 +0200
|
||||
Subject: [PATCH] Add final version of the option RequiredRSASize (#53)
|
||||
|
||||
* Update source template to match generated template
|
||||
|
||||
* Add final name of the RequiredRSASize parameter
|
||||
|
||||
keeping the old version for backward compatibility.
|
||||
|
||||
Upstream commit:
|
||||
https://github.com/openssh/openssh-portable/commit/54b333d1
|
||||
---
|
||||
.dev-tools/10_top.j2 | 4 ++--
|
||||
.dev-tools/options_body | 1 +
|
||||
templates/ssh_config.j2 | 3 +++
|
||||
3 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/.dev-tools/10_top.j2 b/.dev-tools/10_top.j2
|
||||
index 99704bd..8411de8 100644
|
||||
--- a/.dev-tools/10_top.j2
|
||||
+++ b/.dev-tools/10_top.j2
|
||||
@@ -7,10 +7,10 @@
|
||||
{% elif value is sameas false %}
|
||||
{{ key }} no
|
||||
{% elif value is string or value is number %}
|
||||
-{{ key }} {{ value }}
|
||||
+{{ key }} {{ value | string }}
|
||||
{% else %}
|
||||
{% for i in value %}
|
||||
-{{ key }} {{ i }}
|
||||
+{{ key }} {{ i | string }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
diff --git a/.dev-tools/options_body b/.dev-tools/options_body
|
||||
index 176879d..8cc382f 100644
|
||||
--- a/.dev-tools/options_body
|
||||
+++ b/.dev-tools/options_body
|
||||
@@ -84,6 +84,7 @@ RekeyLimit
|
||||
RemoteCommand
|
||||
RemoteForward
|
||||
RequestTTY
|
||||
+RequiredRSASize
|
||||
RevokedHostKeys
|
||||
RhostsRSAAuthentication
|
||||
RSAAuthentication
|
||||
diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2
|
||||
index fab57de..7f277c7 100644
|
||||
--- a/templates/ssh_config.j2
|
||||
+++ b/templates/ssh_config.j2
|
||||
@@ -119,6 +119,7 @@ Match {{ match["Condition"] }}
|
||||
{{ render_option("RemoteCommand",match["RemoteCommand"],true) -}}
|
||||
{{ render_option("RemoteForward",match["RemoteForward"],true) -}}
|
||||
{{ render_option("RequestTTY",match["RequestTTY"],true) -}}
|
||||
+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
|
||||
{{ render_option("RevokedHostKeys",match["RevokedHostKeys"],true) -}}
|
||||
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
|
||||
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
|
||||
@@ -240,6 +241,7 @@ Host {{ host["Condition"] }}
|
||||
{{ render_option("RemoteCommand",host["RemoteCommand"],true) -}}
|
||||
{{ render_option("RemoteForward",host["RemoteForward"],true) -}}
|
||||
{{ render_option("RequestTTY",host["RequestTTY"],true) -}}
|
||||
+{{ render_option("RequiredRSASize",host["RequiredRSASize"],true) -}}
|
||||
{{ render_option("RevokedHostKeys",host["RevokedHostKeys"],true) -}}
|
||||
{{ render_option("RhostsRSAAuthentication",host["RhostsRSAAuthentication"],true) -}}
|
||||
{{ render_option("RSAAuthentication",host["RSAAuthentication"],true) -}}
|
||||
@@ -354,6 +356,7 @@ Host {{ host["Condition"] }}
|
||||
{{ body_option("RemoteCommand",ssh_RemoteCommand) -}}
|
||||
{{ body_option("RemoteForward",ssh_RemoteForward) -}}
|
||||
{{ body_option("RequestTTY",ssh_RequestTTY) -}}
|
||||
+{{ body_option("RequiredRSASize",ssh_RequiredRSASize) -}}
|
||||
{{ body_option("RevokedHostKeys",ssh_RevokedHostKeys) -}}
|
||||
{{ body_option("RhostsRSAAuthentication",ssh_RhostsRSAAuthentication) -}}
|
||||
{{ body_option("RSAAuthentication",ssh_RSAAuthentication) -}}
|
||||
--
|
||||
2.37.3
|
||||
|
83
SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch
Normal file
83
SOURCES/0001-sshd-Add-final-version-of-RequiredRSASize.patch
Normal file
@ -0,0 +1,83 @@
|
||||
From 1408f489240dca04f086e4b32b253313eea28ea8 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Mon, 26 Sep 2022 15:26:12 +0200
|
||||
Subject: [PATCH] Add final version of RequiredRSASize
|
||||
|
||||
Keep the old version for backward compatibility
|
||||
|
||||
Upstream commit:
|
||||
https://github.com/openssh/openssh-portable/commit/1875042c
|
||||
---
|
||||
meta/options_body | 1 +
|
||||
meta/options_match | 1 +
|
||||
templates/sshd_config.j2 | 2 ++
|
||||
templates/sshd_config_snippet.j2 | 2 ++
|
||||
4 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/meta/options_body b/meta/options_body
|
||||
index 8681269..23a00f4 100644
|
||||
--- a/meta/options_body
|
||||
+++ b/meta/options_body
|
||||
@@ -89,6 +89,7 @@ PubkeyAuthentication
|
||||
RSAAuthentication
|
||||
RSAMinSize
|
||||
RekeyLimit
|
||||
+RequiredRSASize
|
||||
RevokedKeys
|
||||
RDomain
|
||||
RhostsRSAAuthentication
|
||||
diff --git a/meta/options_match b/meta/options_match
|
||||
index 6ef9214..5ec1413 100644
|
||||
--- a/meta/options_match
|
||||
+++ b/meta/options_match
|
||||
@@ -47,6 +47,7 @@ PubkeyAuthentication
|
||||
RDomain
|
||||
RekeyLimit
|
||||
RevokedKeys
|
||||
+RequiredRSASize
|
||||
RhostsRSAAuthentication
|
||||
RSAAuthentication
|
||||
RSAMinSize
|
||||
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
|
||||
index 2899f0a..a3b2465 100644
|
||||
--- a/templates/sshd_config.j2
|
||||
+++ b/templates/sshd_config.j2
|
||||
@@ -89,6 +89,7 @@ Match {{ match["Condition"] }}
|
||||
{{ render_option("RDomain",match["RDomain"],true) -}}
|
||||
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
|
||||
{{ render_option("RevokedKeys",match["RevokedKeys"],true) -}}
|
||||
+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
|
||||
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
|
||||
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
|
||||
{{ render_option("RSAMinSize",match["RSAMinSize"],true) -}}
|
||||
@@ -203,6 +204,7 @@ Match {{ match["Condition"] }}
|
||||
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
|
||||
{{ body_option("RSAMinSize",sshd_RSAMinSize) -}}
|
||||
{{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
|
||||
+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}}
|
||||
{{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
|
||||
{{ body_option("RDomain",sshd_RDomain) -}}
|
||||
{{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
|
||||
diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
|
||||
index 0ece8ed..a12cb3b 100644
|
||||
--- a/templates/sshd_config_snippet.j2
|
||||
+++ b/templates/sshd_config_snippet.j2
|
||||
@@ -88,6 +88,7 @@ Match {{ match["Condition"] }}
|
||||
{{ render_option("RDomain",match["RDomain"],true) -}}
|
||||
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
|
||||
{{ render_option("RevokedKeys",match["RevokedKeys"],true) -}}
|
||||
+{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}}
|
||||
{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}}
|
||||
{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}}
|
||||
{{ render_option("RSAMinSize",match["RSAMinSize"],true) -}}
|
||||
@@ -202,6 +203,7 @@ Match {{ match["Condition"] }}
|
||||
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}
|
||||
{{ body_option("RSAMinSize",sshd_RSAMinSize) -}}
|
||||
{{ body_option("RekeyLimit",sshd_RekeyLimit) -}}
|
||||
+{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}}
|
||||
{{ body_option("RevokedKeys",sshd_RevokedKeys) -}}
|
||||
{{ body_option("RDomain",sshd_RDomain) -}}
|
||||
{{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}}
|
||||
--
|
||||
2.37.3
|
||||
|
@ -1,152 +1,16 @@
|
||||
Changelog
|
||||
=========
|
||||
[1.23.0] - 2024-01-15
|
||||
[1.20.1] - 2022-09-27
|
||||
----------------------------
|
||||
|
||||
### New Features
|
||||
|
||||
- [RHEL for Edge support in system roles](https://issues.redhat.com/browse/RHEL-15872)
|
||||
- [ad_integration - feat: Add sssd custom settings](https://issues.redhat.com/browse/RHEL-17667)
|
||||
- [ad_integration - Enable AD dynamic DNS updates](https://issues.redhat.com/browse/RHEL-1119)
|
||||
- [ad_integration - feat: add ad_integration_preserve_authselect_profile](https://issues.redhat.com/browse/RHEL-21383)
|
||||
- [ad_integration - feat: Add SSSD parameters support](https://issues.redhat.com/browse/RHEL-21134)
|
||||
- [bootloader - Create bootloader role (MVP)](https://issues.redhat.com/browse/RHEL-3241)
|
||||
- [fapolicyd - feat: Import code for fapolicyd system role](https://issues.redhat.com/browse/RHEL-16542)
|
||||
- [ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository](https://issues.redhat.com/browse/RHEL-14090)
|
||||
- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology](https://issues.redhat.com/browse/RHEL-4624)
|
||||
- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options](https://issues.redhat.com/browse/RHEL-3264)
|
||||
- [ha_cluster - Setting cluster members attributes](https://issues.redhat.com/browse/RHEL-22108)
|
||||
- [journald - feat: Add support for ForwardToSyslog](https://issues.redhat.com/browse/RHEL-21123)
|
||||
- [logging - feat: Add support for the global config option preserveFQDN with a new logg…](https://issues.redhat.com/browse/RHEL-15933)
|
||||
- [logging - feat: Add support for general queue and general action parameters](https://issues.redhat.com/browse/RHEL-15440)
|
||||
- [metrics - [RFE] Metrics system role support for configuring PMIE webhooks](https://issues.redhat.com/browse/RHEL-18170)
|
||||
- [network - Add blackhole type route](https://issues.redhat.com/browse/RHEL-21491)
|
||||
- [postgresql - feat: Enable support for Postgresql 16](https://issues.redhat.com/browse/RHEL-18963)
|
||||
- [rhc - support RHEL 7 managed nodes](https://issues.redhat.com/browse/RHEL-16977)
|
||||
- [rhc - new rhc_insights.ansible_host parameter](https://issues.redhat.com/browse/RHEL-16975)
|
||||
- [rhc - new rhc_insights.display_name parameter](https://issues.redhat.com/browse/RHEL-16965)
|
||||
- [snapshot - New Role for storage snapshot management (lvm, etc.)](https://issues.redhat.com/browse/RHEL-16553)
|
||||
- [sshd - ansible-sshd Manage SSH certificates](https://issues.redhat.com/browse/RHEL-5985)
|
||||
- [storage - feat: Support for creating volumes without a FS](https://issues.redhat.com/browse/RHEL-16213)
|
||||
- [storage - Basic support for creating shared logical volumes (RHEL 8)](https://issues.redhat.com/browse/RHEL-14022)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- [ha_cluster - high-availability firewall service is not added on qdevice node](https://issues.redhat.com/browse/RHEL-17874)
|
||||
- [ha_cluster - Timeout issue between SBD with delay-start and systemd unit](https://issues.redhat.com/browse/RHEL-4684)
|
||||
- [kdump - fix: retry read of kexec_crash_size](https://issues.redhat.com/browse/RHEL-3354)
|
||||
- [keylime_server - won't detect registrar start failure](https://issues.redhat.com/browse/RHEL-21946)
|
||||
- [logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size](https://issues.redhat.com/browse/RHEL-15038)
|
||||
- [nbde_server - fix: Allow tangd socket override directory to be managed outside of the role](https://issues.redhat.com/browse/RHEL-25509)
|
||||
- [network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"](https://issues.redhat.com/browse/RHEL-16501)
|
||||
- [podman - fix: cast secret data to string in order to allow JSON valued strings](https://issues.redhat.com/browse/RHEL-22310)
|
||||
- [podman - fix: name of volume quadlet service should be basename-volume.service](https://issues.redhat.com/browse/RHEL-21402)
|
||||
- [podman - fix: add no_log: true for tasks that can log secret data](https://issues.redhat.com/browse/RHEL-19242)
|
||||
- [podman - fix: user linger needed before secrets](https://issues.redhat.com/browse/RHEL-22229)
|
||||
- [postgresql - PostgreSQL system role: unable to install PostgreSQL version 15 on RHEL 9](https://issues.redhat.com/browse/RHEL-21400)
|
||||
- [selinux - fix: Use `ignore_selinux_state` module option](https://issues.redhat.com/browse/RHEL-15871)
|
||||
- [selinux - fix: Print an error message when module to be created doesn't exist](https://issues.redhat.com/browse/RHEL-19044)
|
||||
- [selinux - fix: no longer use "item" as a loop variable](https://issues.redhat.com/browse/RHEL-19042)
|
||||
|
||||
[1.22.0] - 2023-08-15
|
||||
----------------------------
|
||||
|
||||
### New Features
|
||||
|
||||
- [ALL - fingerprint in config files managed by roles](https://bugzilla.redhat.com/show_bug.cgi?id=2186910)
|
||||
- [ad_integration - add ad_integration_force_rejoin](https://bugzilla.redhat.com/show_bug.cgi?id=2211723)
|
||||
- [certificate - add mode parameter to change permissions for cert files](https://bugzilla.redhat.com/show_bug.cgi?id=2218204)
|
||||
- [firewall - missing module in linux-system-roles.firewall to create an ipset](https://bugzilla.redhat.com/show_bug.cgi?id=2140880)
|
||||
- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
|
||||
- [firewall - should have option to disable conflicting services](https://bugzilla.redhat.com/show_bug.cgi?id=2222809)
|
||||
- [ha_cluster - Add possibility to load SBD watchdog kernel modules](https://bugzilla.redhat.com/show_bug.cgi?id=2190478)
|
||||
- [ha_cluster - cluster and quorum can have distinct passwords](https://bugzilla.redhat.com/show_bug.cgi?id=2216485)
|
||||
- [ha_cluster - support for resource and operation defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2190483)
|
||||
- [kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump](https://bugzilla.redhat.com/show_bug.cgi?id=2211272)
|
||||
- [keylime_server - system role for managing keylime servers](https://bugzilla.redhat.com/show_bug.cgi?id=2224387)
|
||||
- [network - Support configuring auto-dns setting](https://bugzilla.redhat.com/show_bug.cgi?id=2211273)
|
||||
- [network - Support no-aaaa DNS option](https://bugzilla.redhat.com/show_bug.cgi?id=2218595)
|
||||
- [podman - allow container networking configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2220963)
|
||||
- [podman - support for healthchecks and healthcheck actions](https://bugzilla.redhat.com/show_bug.cgi?id=2220961)
|
||||
- [podman - support quadlet units](https://bugzilla.redhat.com/show_bug.cgi?id=2220962)
|
||||
- [postgresql - [RFE] system role for PostgreSQL management](https://bugzilla.redhat.com/show_bug.cgi?id=2151371)
|
||||
- [rhc - implement rhc_proxy.scheme](https://bugzilla.redhat.com/show_bug.cgi?id=2211778)
|
||||
- [rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-8.9.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2179016)
|
||||
- [ssh - add ssh_backup option with default true](https://bugzilla.redhat.com/show_bug.cgi?id=2216759)
|
||||
- [storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2141961)
|
||||
- [storage - [RFE] user-specified mount point owner and permissions](https://bugzilla.redhat.com/show_bug.cgi?id=2181661)
|
||||
- [systemd - system role for managing systemd units](https://bugzilla.redhat.com/show_bug.cgi?id=2224388)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- [ALL - facts being gathered unnecessarily](https://bugzilla.redhat.com/show_bug.cgi?id=2223036)
|
||||
- [ad_integration - leaks credentials when in check_mode](https://bugzilla.redhat.com/show_bug.cgi?id=2233183)
|
||||
- [certificate - rhel-system-roles.certificate does not re-issue after updating key_size](https://bugzilla.redhat.com/show_bug.cgi?id=2186057)
|
||||
- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
|
||||
- [firewall - Check mode fails with replacing previous rules](https://issues.redhat.com/browse/RHEL-899)
|
||||
- [firewall - Check mode fails when creating new firewall service](https://bugzilla.redhat.com/show_bug.cgi?id=2222433)
|
||||
- [firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9](https://issues.redhat.com/browse/RHEL-918)
|
||||
- [firewall - Don't install python(3)-firewall it's a dependency of firewalld](https://bugzilla.redhat.com/show_bug.cgi?id=2216521)
|
||||
- [firewall - fix: files: overwrite firewalld.conf on previous replaced](https://issues.redhat.com/browse/RHEL-1496)
|
||||
- [kdump - use failure_action instead of default on EL9 and later](https://issues.redhat.com/browse/RHEL-907)
|
||||
- [kdump - role: "Write new authorized_keys if needed" task idempotency issues](https://bugzilla.redhat.com/show_bug.cgi?id=2232391)
|
||||
- [kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory](https://bugzilla.redhat.com/show_bug.cgi?id=2232392)
|
||||
- [kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server](https://issues.redhat.com/browse/RHEL-1398)
|
||||
- [kdump - fix: Ensure authorized_keys management works with multiple hosts](https://issues.redhat.com/browse/RHEL-1500)
|
||||
- [podman - Podman system role: Unable to use podman_registries_conf to set unqualified-search-registries](https://bugzilla.redhat.com/show_bug.cgi?id=2226077)
|
||||
- [rhc - system role does not apply Insights tags](https://bugzilla.redhat.com/show_bug.cgi?id=2209441)
|
||||
- [storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size](https://bugzilla.redhat.com/show_bug.cgi?id=2193057)
|
||||
- [storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation](https://bugzilla.redhat.com/show_bug.cgi?id=2224094)
|
||||
- [storage - Storage: mounted devices that are in use cannot be resized](https://bugzilla.redhat.com/show_bug.cgi?id=2168738)
|
||||
- [storage - fix: use stat.pw_name, stat.gr_name instead of owner, group](https://issues.redhat.com/browse/RHEL-1498)
|
||||
- [tlog - use the proxy provider - the files provider is deprecated in sssd](https://bugzilla.redhat.com/show_bug.cgi?id=2191702)
|
||||
|
||||
[1.21.1] - 2023-03-16
|
||||
----------------------------
|
||||
|
||||
### New Features
|
||||
|
||||
- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2144877)
|
||||
- [ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles](https://bugzilla.redhat.com/show_bug.cgi?id=2129875)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- none
|
||||
|
||||
[1.21.0] - 2023-02-20
|
||||
----------------------------
|
||||
|
||||
### New Features
|
||||
|
||||
- [ad_integration - [RFE] new role to support AD integration, join to AD domain](https://bugilla.redhat.com/show_bug.cgi?id=2144876)
|
||||
- [cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137667)
|
||||
- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2143814)
|
||||
- [ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130019)
|
||||
- [journald - New role - journald - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165176)
|
||||
- [logging - [RFE] convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130362)
|
||||
- [metrics - [RFE] convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133532)
|
||||
- [nbde_server - [RFE] convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133931)
|
||||
- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143458)
|
||||
- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201)
|
||||
- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856)
|
||||
- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620)
|
||||
- [podman - [RFE] role for managing podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2066864)
|
||||
- [postfix - [RFE] convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130332)
|
||||
- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2143385)
|
||||
- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119600)
|
||||
- [vpn - [RFE] convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130345)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167941)
|
||||
- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153081)
|
||||
- [ha_cluster - use no_log in tasks looping over pot. secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2127497)
|
||||
- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2159972)
|
||||
- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126960)
|
||||
- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168733)
|
||||
- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2164879)
|
||||
- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2143401)
|
||||
- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153080)
|
||||
|
||||
[1.20.0] - 2022-08-09
|
||||
----------------------------
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
See docs/CHANGELOG.md
|
@ -1,21 +0,0 @@
|
||||
# Helper macros originally from macros.ansible by Igor Raits <ignatenkobrain>
|
||||
# This file is for maintaining the compatibility with macros and other
|
||||
# functionality (generators) provided by ansible-packaging on Fedora.
|
||||
|
||||
Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version}
|
||||
|
||||
# ansible-galaxy is available by ansible-core on RHEL 8.6 and newer at buildtime.
|
||||
%define ansible_collection_build() ansible-galaxy collection build
|
||||
%define ansible_collection_install() ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz
|
||||
|
||||
%define ansible_roles_dir %{_datadir}/ansible/roles
|
||||
%define ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections
|
||||
|
||||
# TODO: Officially deprecate this macro and add the following line to the macro
|
||||
# def after the new approach has gotten more testing and adoption:
|
||||
# %%{warn: %%{ansible_collection_files} is deprecated. Use %%files -f %%{ansible_collection_filelist} instead.}
|
||||
%define ansible_collection_files %{shrink:
|
||||
%{ansible_collections_dir}/%{collection_namespace}/
|
||||
}
|
||||
|
||||
%define ansible_collection_filelist %{__ansible_builddir}/ansible_collection_files
|
@ -1,10 +0,0 @@
|
||||
Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
|
||||
Source901: https://galaxy.ansible.com/download/community-general-8.3.0.tar.gz
|
||||
Source902: https://galaxy.ansible.com/download/containers-podman-1.12.0.tar.gz
|
||||
|
||||
Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
|
||||
Provides: bundled(ansible-collection(community.general)) = 8.3.0
|
||||
Provides: bundled(ansible-collection(containers.podman)) = 1.12.0
|
||||
|
||||
Source996: CHANGELOG.rst
|
||||
Source998: collection_readme.sh
|
65
SOURCES/network-disable-bondtests.diff
Normal file
65
SOURCES/network-disable-bondtests.diff
Normal file
@ -0,0 +1,65 @@
|
||||
From d6c8319f52f3859b28044841063adf0013df878b Mon Sep 17 00:00:00 2001
|
||||
From: Rich Megginson <rmeggins@redhat.com>
|
||||
Date: Thu, 25 Mar 2021 13:57:45 -0600
|
||||
Subject: [PATCH 3/4] Patch53: network-disable-bondtests.diff
|
||||
|
||||
---
|
||||
tests/playbooks/tests_bond.yml | 2 ++
|
||||
tests/playbooks/tests_bond_deprecated.yml | 2 ++
|
||||
tests/tests_bond_deprecated_initscripts.yml | 1 +
|
||||
tests/tests_bond_initscripts.yml | 1 +
|
||||
4 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
|
||||
index 1e45788..d3005a6 100644
|
||||
--- a/tests/playbooks/tests_bond.yml
|
||||
+++ b/tests/playbooks/tests_bond.yml
|
||||
@@ -8,6 +8,8 @@
|
||||
dhcp_interface1: test1
|
||||
port2_profile: bond0.1
|
||||
dhcp_interface2: test2
|
||||
+ tags:
|
||||
+ - "tests::expfail"
|
||||
tasks:
|
||||
- name: "INIT Prepare setup"
|
||||
debug:
|
||||
diff --git a/tests/playbooks/tests_bond_deprecated.yml b/tests/playbooks/tests_bond_deprecated.yml
|
||||
index f37e19a..ae475c4 100644
|
||||
--- a/tests/playbooks/tests_bond_deprecated.yml
|
||||
+++ b/tests/playbooks/tests_bond_deprecated.yml
|
||||
@@ -8,6 +8,8 @@
|
||||
dhcp_interface1: test1
|
||||
port2_profile: bond0.1
|
||||
dhcp_interface2: test2
|
||||
+ tags:
|
||||
+ - "tests::expfail"
|
||||
tasks:
|
||||
- name: "INIT Prepare setup"
|
||||
debug:
|
||||
diff --git a/tests/tests_bond_deprecated_initscripts.yml b/tests/tests_bond_deprecated_initscripts.yml
|
||||
index 383b488..cdf3de0 100644
|
||||
--- a/tests/tests_bond_deprecated_initscripts.yml
|
||||
+++ b/tests/tests_bond_deprecated_initscripts.yml
|
||||
@@ -10,6 +10,7 @@
|
||||
network_provider: initscripts
|
||||
tags:
|
||||
- always
|
||||
+ - "tests::expfail"
|
||||
|
||||
- import_playbook: playbooks/tests_bond_deprecated.yml
|
||||
when: (ansible_distribution in ['CentOS','RedHat'] and
|
||||
diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
|
||||
index 8fa74c5..6a231c4 100644
|
||||
--- a/tests/tests_bond_initscripts.yml
|
||||
+++ b/tests/tests_bond_initscripts.yml
|
||||
@@ -10,6 +10,7 @@
|
||||
network_provider: initscripts
|
||||
tags:
|
||||
- always
|
||||
+ - "tests::expfail"
|
||||
|
||||
- import_playbook: playbooks/tests_bond.yml
|
||||
when: (ansible_distribution in ['CentOS','RedHat'] and
|
||||
--
|
||||
2.30.2
|
||||
|
0
SOURCES/spec-to-changelog-md.sh
Normal file
0
SOURCES/spec-to-changelog-md.sh
Normal file
@ -1,102 +0,0 @@
|
||||
# maps the source file to the roles that use that file
|
||||
# value can be string or space delimited list of strings
|
||||
# role name `__collection` means - do not vendor into
|
||||
# role, just vendor directly into the collection
|
||||
declare -A plugin_map=(
|
||||
[ansible/posix/plugins/modules/selinux.py]=selinux
|
||||
[ansible/posix/plugins/modules/seboolean.py]=selinux
|
||||
[ansible/posix/plugins/modules/mount.py]=storage
|
||||
[ansible/posix/plugins/modules/rhel_facts.py]=__collection
|
||||
[ansible/posix/plugins/modules/rhel_rpm_ostree.py]=__collection
|
||||
[ansible/posix/plugins/module_utils/mount.py]=storage
|
||||
[community/general/plugins/modules/ini_file.py]="tlog ad_integration"
|
||||
[community/general/plugins/modules/modprobe.py]=ha_cluster
|
||||
[community/general/plugins/modules/redhat_subscription.py]=rhc
|
||||
[community/general/plugins/modules/rhsm_release.py]=rhc
|
||||
[community/general/plugins/modules/rhsm_repository.py]=rhc
|
||||
[community/general/plugins/modules/seport.py]=selinux
|
||||
[community/general/plugins/modules/sefcontext.py]=selinux
|
||||
[community/general/plugins/modules/selogin.py]=selinux
|
||||
[containers/podman/plugins/modules/podman_container_info.py]=podman
|
||||
[containers/podman/plugins/modules/podman_image.py]=podman
|
||||
[containers/podman/plugins/modules/podman_play.py]=podman
|
||||
[containers/podman/plugins/modules/podman_secret.py]=podman
|
||||
[containers/podman/plugins/module_utils/podman/common.py]=podman
|
||||
)
|
||||
|
||||
declare -a modules mod_utils collection_plugins
|
||||
declare -A dests
|
||||
# vendor in plugin files - fix documentation, fragments
|
||||
for src in "${!plugin_map[@]}"; do
|
||||
roles="${plugin_map["$src"]}"
|
||||
if [ "$roles" = __collection ]; then
|
||||
collection_plugins+=("$src")
|
||||
else
|
||||
case "$src" in
|
||||
*/plugins/modules/*) srcdir=plugins/modules; subdir=library; modules+=("$src") ;;
|
||||
*/plugins/module_utils/*) srcdir=plugins/module_utils; mod_utils+=("$src") ;;
|
||||
*/plugins/action/*) srcdir=plugins/action ;;
|
||||
esac
|
||||
fi
|
||||
for role in $roles; do
|
||||
if [ "$role" = __collection ]; then
|
||||
dest="%{collection_build_path}/plugins${src/#*plugins/}"
|
||||
dests["$dest"]=__collection
|
||||
else
|
||||
case "$src" in
|
||||
*/plugins/module_utils/*) subdir="module_utils/${role}_lsr" ;;
|
||||
esac
|
||||
dest="$role/${src/#*${srcdir}/${subdir}}"
|
||||
dests["$dest"]="$role"
|
||||
fi
|
||||
destdir="$(dirname "$dest")"
|
||||
if [ ! -d "$destdir" ]; then
|
||||
mkdir -p "$destdir"
|
||||
fi
|
||||
cp -pL ".external/$src" "$dest"
|
||||
sed -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this plugin directly! It is only for role internal use.\n\1/' \
|
||||
-e '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' \
|
||||
-i "$dest"
|
||||
done
|
||||
done
|
||||
|
||||
# remove the temporary .external directory after vendoring
|
||||
rm -rf .external
|
||||
|
||||
# fix python imports to point from the old name to the new name
|
||||
for dest in "${!dests[@]}"; do
|
||||
role="${dests["$dest"]}"
|
||||
for module in "${modules[@]}"; do
|
||||
python_name="$(dirname "$module")"
|
||||
python_name="${python_name////[.]}"
|
||||
sed -e "s/ansible_collections[.]${python_name}[.]/ansible.modules./" -i "$dest"
|
||||
done
|
||||
for mod_util in "${mod_utils[@]}"; do
|
||||
# some mod_utils have subdirs, some do not
|
||||
split=(${mod_util//// })
|
||||
python_name="ansible_collections[.]${split[0]}[.]${split[1]}[.]plugins[.]module_utils[.]"
|
||||
sed -e "s/${python_name}/ansible.module_utils.${role}_lsr./" -i "$dest"
|
||||
done
|
||||
for plugin in "${collection_plugins[@]}"; do
|
||||
python_name="$(dirname "$plugin")"
|
||||
dest_python_name="%{collection_namespace}/%{collection_name}/plugins${python_name/#*plugins/}"
|
||||
src_python_name="ansible_collections.${python_name////[.]}"
|
||||
dest_python_name="ansible_collections.${dest_python_name////.}"
|
||||
sed -e "s/${src_python_name}/${dest_python_name}/" -i "$dest"
|
||||
done
|
||||
done
|
||||
|
||||
# Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role
|
||||
# Replacing "fedora.linux_system_roles." with "redhat.rhel_system_roles" in each role
|
||||
# This is for the "roles calling other roles" case
|
||||
# for podman, change the FQCN - using a non-FQCN module name doesn't seem to work,
|
||||
# even for the legacy role format
|
||||
for rolename in %{rolenames}; do
|
||||
find "$rolename" -type f -exec \
|
||||
sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
|
||||
-e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||
-e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||
-e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||
-e "s/ansible[.]posix[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||
-i {} \;
|
||||
done
|
@ -1,12 +0,0 @@
|
||||
# Untar vendored collection tarballs to corresponding directories
|
||||
for file in %{SOURCE801} %{SOURCE901} %{SOURCE902}; do
|
||||
if [[ "$(basename $file)" =~ ([^-]+)-([^-]+)-(.+).tar.gz ]]; then
|
||||
ns=${BASH_REMATCH[1]}
|
||||
name=${BASH_REMATCH[2]}
|
||||
ver=${BASH_REMATCH[3]}
|
||||
mkdir -p .external/$ns/$name
|
||||
pushd .external/$ns/$name > /dev/null
|
||||
tar xfz "$file"
|
||||
popd > /dev/null
|
||||
fi
|
||||
done
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user