Import from AlmaLinux stable repository

.gitignore

@@ -1,23 +1,34 @@
-SOURCES/ansible-posix-1.3.0.tar.gz
-SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
-SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
-SOURCES/certificate-1.1.3.tar.gz
-SOURCES/cockpit-1.2.1.tar.gz
-SOURCES/community-general-4.6.0.tar.gz
-SOURCES/crypto_policies-1.2.3.tar.gz
-SOURCES/firewall-1.1.0.tar.gz
-SOURCES/ha_cluster-1.4.1.tar.gz
-SOURCES/kdump-1.2.2.tar.gz
-SOURCES/kernel_settings-1.1.6.tar.gz
-SOURCES/logging-1.8.1.tar.gz
-SOURCES/metrics-1.5.1.tar.gz
-SOURCES/nbde_client-1.2.2.tar.gz
-SOURCES/nbde_server-1.1.2.tar.gz
-SOURCES/network-1.7.1.tar.gz
-SOURCES/postfix-1.2.0.tar.gz
-SOURCES/selinux-1.3.4.tar.gz
-SOURCES/ssh-1.1.4.tar.gz
-SOURCES/storage-1.7.0.tar.gz
-SOURCES/timesync-1.6.6.tar.gz
-SOURCES/tlog-1.2.6.tar.gz
-SOURCES/vpn-1.3.2.tar.gz
+SOURCES/ad_integration-1.4.2.tar.gz
+SOURCES/ansible-posix-1.5.4.tar.gz
+SOURCES/ansible-sshd-v0.23.2.tar.gz
+SOURCES/auto-maintenance-11ad785c9bb72611244e7909450ca4247e12db4d.tar.gz
+SOURCES/bootloader-1.0.3.tar.gz
+SOURCES/certificate-1.3.3.tar.gz
+SOURCES/cockpit-1.5.5.tar.gz
+SOURCES/community-general-8.3.0.tar.gz
+SOURCES/containers-podman-1.12.0.tar.gz
+SOURCES/crypto_policies-1.3.2.tar.gz
+SOURCES/fapolicyd-1.1.1.tar.gz
+SOURCES/firewall-1.7.4.tar.gz
+SOURCES/ha_cluster-1.14.0.tar.gz
+SOURCES/journald-1.2.3.tar.gz
+SOURCES/kdump-1.4.4.tar.gz
+SOURCES/kernel_settings-1.2.2.tar.gz
+SOURCES/keylime_server-1.1.2.tar.gz
+SOURCES/logging-1.12.4.tar.gz
+SOURCES/metrics-1.10.1.tar.gz
+SOURCES/nbde_client-1.2.17.tar.gz
+SOURCES/nbde_server-1.4.3.tar.gz
+SOURCES/network-1.15.1.tar.gz
+SOURCES/podman-1.4.7.tar.gz
+SOURCES/postfix-1.4.3.tar.gz
+SOURCES/postgresql-1.3.5.tar.gz
+SOURCES/rhc-1.6.0.tar.gz
+SOURCES/selinux-1.7.4.tar.gz
+SOURCES/snapshot-1.3.1.tar.gz
+SOURCES/ssh-1.3.2.tar.gz
+SOURCES/storage-1.16.2.tar.gz
+SOURCES/systemd-1.1.2.tar.gz
+SOURCES/timesync-1.8.2.tar.gz
+SOURCES/tlog-1.3.3.tar.gz
+SOURCES/vpn-1.6.3.tar.gz

.rhel-system-roles.metadata

@@ -1,23 +0,0 @@
-d2d2382c38eaf34d2295aba2aa4652d75ebbaeef SOURCES/ansible-posix-1.3.0.tar.gz
-a4d4556cf6628e87fa62dec6c46099338b499930 SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
-a2ec14498a7fd213f08dd24ca139039c958b07fd SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
-cee41b5fd6359e9ddeb83c5af7b8057fef6b2334 SOURCES/certificate-1.1.3.tar.gz
-004064268df0e7dd154331b7799272d3277388d4 SOURCES/cockpit-1.2.1.tar.gz
-ad8684050c86bad7ce4882a84e14be6867a56d8d SOURCES/community-general-4.6.0.tar.gz
-0684c1335923ba8ebbb05afbd507e5ff31f874d6 SOURCES/crypto_policies-1.2.3.tar.gz
-fcb8d48ccaeba886859ce6afd3d14bbb3f8a5667 SOURCES/firewall-1.1.0.tar.gz
-9a990a4908bdf3269bce4f214907623780a5e221 SOURCES/ha_cluster-1.4.1.tar.gz
-a1c9c89dea1dbe2410465c29ad0e1d3637ac5f52 SOURCES/kdump-1.2.2.tar.gz
-0a681d1e3b236c4750d663f2a833e786a5e958ab SOURCES/kernel_settings-1.1.6.tar.gz
-e530528ba5f9478cc8604aa6612388ea8e5078af SOURCES/logging-1.8.1.tar.gz
-430ce63a7b45b97305e4f8591192fa7e58af8292 SOURCES/metrics-1.5.1.tar.gz
-0424321322eb4d80560a8d2d9fee406296728463 SOURCES/nbde_client-1.2.2.tar.gz
-33f0a3ea008021e69b2bbd7b25f6536f91e7613d SOURCES/nbde_server-1.1.2.tar.gz
-dcd2261fe6b6a998aca3eb6c968204152e2ffd51 SOURCES/network-1.7.1.tar.gz
-95c54da9ef5acaae9553f2c4ed250452502ab9e0 SOURCES/postfix-1.2.0.tar.gz
-4e5c5216814577ee55304721e5c811ed8857efbc SOURCES/selinux-1.3.4.tar.gz
-f38972c4b22a9f226b58725c7e9ba8fac692bba2 SOURCES/ssh-1.1.4.tar.gz
-0728b4e01261f84ce470431a4ea21907db75f26a SOURCES/storage-1.7.0.tar.gz
-0bd118c9df9bf556a76d42c92bde11fde5553eba SOURCES/timesync-1.6.6.tar.gz
-d10a0dd866c1ce982d2ba22500718df3fb2ab766 SOURCES/tlog-1.2.6.tar.gz
-d1bb00636c04bc1b2d94ce0e491afe9ef921cd56 SOURCES/vpn-1.3.2.tar.gz

SOURCES/CHANGELOG.md

@@ -0,0 +1,709 @@
+Changelog
+=========
+[1.23.0] - 2024-01-15
+----------------------------
+
+### New Features
+
+- [RHEL for Edge support in system roles](https://issues.redhat.com/browse/RHEL-15872)
+- [ad_integration - feat: Add sssd custom settings](https://issues.redhat.com/browse/RHEL-17667)
+- [ad_integration - Enable AD dynamic DNS updates](https://issues.redhat.com/browse/RHEL-1119)
+- [ad_integration - feat: add ad_integration_preserve_authselect_profile](https://issues.redhat.com/browse/RHEL-21383)
+- [ad_integration - feat: Add SSSD parameters support](https://issues.redhat.com/browse/RHEL-21134)
+- [bootloader - Create bootloader role (MVP)](https://issues.redhat.com/browse/RHEL-3241)
+- [fapolicyd - feat: Import code for fapolicyd system role](https://issues.redhat.com/browse/RHEL-16542)
+- [ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository](https://issues.redhat.com/browse/RHEL-14090)
+- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology](https://issues.redhat.com/browse/RHEL-4624)
+- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options](https://issues.redhat.com/browse/RHEL-3264)
+- [ha_cluster - Setting cluster members attributes](https://issues.redhat.com/browse/RHEL-22108)
+- [journald - feat: Add support for ForwardToSyslog](https://issues.redhat.com/browse/RHEL-21123)
+- [logging - feat: Add support for the global config option preserveFQDN with a new logg…](https://issues.redhat.com/browse/RHEL-15933)
+- [logging - feat: Add support for general queue and general action parameters](https://issues.redhat.com/browse/RHEL-15440)
+- [metrics - [RFE] Metrics system role support for configuring PMIE webhooks](https://issues.redhat.com/browse/RHEL-18170)
+- [network - Add blackhole type route](https://issues.redhat.com/browse/RHEL-21491)
+- [postgresql - feat: Enable support for Postgresql 16](https://issues.redhat.com/browse/RHEL-18963)
+- [rhc - support RHEL 7 managed nodes](https://issues.redhat.com/browse/RHEL-16977)
+- [rhc - new rhc_insights.ansible_host parameter](https://issues.redhat.com/browse/RHEL-16975)
+- [rhc - new rhc_insights.display_name parameter](https://issues.redhat.com/browse/RHEL-16965)
+- [snapshot - New Role for storage snapshot management (lvm, etc.)](https://issues.redhat.com/browse/RHEL-16553)
+- [sshd - ansible-sshd Manage SSH certificates](https://issues.redhat.com/browse/RHEL-5985)
+- [storage - feat: Support for creating volumes without a FS](https://issues.redhat.com/browse/RHEL-16213)
+- [storage - Basic support for creating shared logical volumes (RHEL 8)](https://issues.redhat.com/browse/RHEL-14022)
+
+### Bug Fixes
+
+- [ha_cluster - high-availability firewall service is not added on qdevice node](https://issues.redhat.com/browse/RHEL-17874)
+- [ha_cluster - Timeout issue between SBD with delay-start and systemd unit](https://issues.redhat.com/browse/RHEL-4684)
+- [kdump - fix: retry read of kexec_crash_size](https://issues.redhat.com/browse/RHEL-3354)
+- [keylime_server - won't detect registrar start failure](https://issues.redhat.com/browse/RHEL-21946)
+- [logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size](https://issues.redhat.com/browse/RHEL-15038)
+- [nbde_server - fix: Allow tangd socket override directory to be managed outside of the role](https://issues.redhat.com/browse/RHEL-25509)
+- [network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"](https://issues.redhat.com/browse/RHEL-16501)
+- [podman - fix: cast secret data to string in order to allow JSON valued strings](https://issues.redhat.com/browse/RHEL-22310)
+- [podman - fix: name of volume quadlet service should be basename-volume.service](https://issues.redhat.com/browse/RHEL-21402)
+- [podman - fix: add no_log: true for tasks that can log secret data](https://issues.redhat.com/browse/RHEL-19242)
+- [podman - fix: user linger needed before secrets](https://issues.redhat.com/browse/RHEL-22229)
+- [postgresql - PostgreSQL system role: unable to install PostgreSQL version 15 on RHEL 9](https://issues.redhat.com/browse/RHEL-21400)
+- [selinux - fix: Use `ignore_selinux_state` module option](https://issues.redhat.com/browse/RHEL-15871)
+- [selinux - fix: Print an error message when module to be created doesn't exist](https://issues.redhat.com/browse/RHEL-19044)
+- [selinux - fix: no longer use "item" as a loop variable](https://issues.redhat.com/browse/RHEL-19042)
+
+[1.22.0] - 2023-08-15
+----------------------------
+
+### New Features
+
+- [ALL - fingerprint in config files managed by roles](https://bugzilla.redhat.com/show_bug.cgi?id=2186910)
+- [ad_integration - add ad_integration_force_rejoin](https://bugzilla.redhat.com/show_bug.cgi?id=2211723)
+- [certificate - add mode parameter to change permissions for cert files](https://bugzilla.redhat.com/show_bug.cgi?id=2218204)
+- [firewall - missing module in linux-system-roles.firewall to create an ipset](https://bugzilla.redhat.com/show_bug.cgi?id=2140880)
+- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
+- [firewall - should have option to disable conflicting services](https://bugzilla.redhat.com/show_bug.cgi?id=2222809)
+- [ha_cluster - Add possibility to load SBD watchdog kernel modules](https://bugzilla.redhat.com/show_bug.cgi?id=2190478)
+- [ha_cluster - cluster and quorum can have distinct passwords](https://bugzilla.redhat.com/show_bug.cgi?id=2216485)
+- [ha_cluster - support for resource and operation defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2190483)
+- [kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump](https://bugzilla.redhat.com/show_bug.cgi?id=2211272)
+- [keylime_server - system role for managing keylime servers](https://bugzilla.redhat.com/show_bug.cgi?id=2224387)
+- [network - Support configuring auto-dns setting](https://bugzilla.redhat.com/show_bug.cgi?id=2211273)
+- [network - Support no-aaaa DNS option](https://bugzilla.redhat.com/show_bug.cgi?id=2218595)
+- [podman - allow container networking configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2220963)
+- [podman - support for healthchecks and healthcheck actions](https://bugzilla.redhat.com/show_bug.cgi?id=2220961)
+- [podman - support quadlet units](https://bugzilla.redhat.com/show_bug.cgi?id=2220962)
+- [postgresql - [RFE] system role for PostgreSQL management](https://bugzilla.redhat.com/show_bug.cgi?id=2151371)
+- [rhc - implement rhc_proxy.scheme](https://bugzilla.redhat.com/show_bug.cgi?id=2211778)
+- [rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-8.9.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2179016)
+- [ssh - add ssh_backup option with default true](https://bugzilla.redhat.com/show_bug.cgi?id=2216759)
+- [storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2141961)
+- [storage - [RFE] user-specified mount point owner and permissions](https://bugzilla.redhat.com/show_bug.cgi?id=2181661)
+- [systemd - system role for managing systemd units](https://bugzilla.redhat.com/show_bug.cgi?id=2224388)
+
+### Bug Fixes
+
+- [ALL - facts being gathered unnecessarily](https://bugzilla.redhat.com/show_bug.cgi?id=2223036)
+- [ad_integration - leaks credentials when in check_mode](https://bugzilla.redhat.com/show_bug.cgi?id=2233183)
+- [certificate - rhel-system-roles.certificate does not re-issue after updating key_size](https://bugzilla.redhat.com/show_bug.cgi?id=2186057)
+- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
+- [firewall - Check mode fails with replacing previous rules](https://issues.redhat.com/browse/RHEL-899)
+- [firewall - Check mode fails when creating new firewall service](https://bugzilla.redhat.com/show_bug.cgi?id=2222433)
+- [firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9](https://issues.redhat.com/browse/RHEL-918)
+- [firewall - Don't install python(3)-firewall it's a dependency of firewalld](https://bugzilla.redhat.com/show_bug.cgi?id=2216521)
+- [firewall - fix: files: overwrite firewalld.conf on previous replaced](https://issues.redhat.com/browse/RHEL-1496)
+- [kdump - use failure_action instead of default on EL9 and later](https://issues.redhat.com/browse/RHEL-907)
+- [kdump - role: "Write new authorized_keys if needed" task idempotency issues](https://bugzilla.redhat.com/show_bug.cgi?id=2232391)
+- [kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory](https://bugzilla.redhat.com/show_bug.cgi?id=2232392)
+- [kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server](https://issues.redhat.com/browse/RHEL-1398)
+- [kdump - fix: Ensure authorized_keys management works with multiple hosts](https://issues.redhat.com/browse/RHEL-1500)
+- [podman - Podman system role:  Unable to use podman_registries_conf to set unqualified-search-registries](https://bugzilla.redhat.com/show_bug.cgi?id=2226077)
+- [rhc - system role does not apply Insights tags](https://bugzilla.redhat.com/show_bug.cgi?id=2209441)
+- [storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size](https://bugzilla.redhat.com/show_bug.cgi?id=2193057)
+- [storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation](https://bugzilla.redhat.com/show_bug.cgi?id=2224094)
+- [storage - Storage: mounted devices that are in use cannot be resized](https://bugzilla.redhat.com/show_bug.cgi?id=2168738)
+- [storage - fix: use stat.pw_name, stat.gr_name instead of owner, group](https://issues.redhat.com/browse/RHEL-1498)
+- [tlog - use the proxy provider - the files provider is deprecated in sssd](https://bugzilla.redhat.com/show_bug.cgi?id=2191702)
+
+[1.21.1] - 2023-03-16
+----------------------------
+
+### New Features
+
+- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2144877)
+
+### Bug Fixes
+
+- none
+
+[1.21.0] - 2023-02-20
+----------------------------
+
+### New Features
+
+- [ad_integration - [RFE] new role to support AD integration, join to AD domain](https://bugilla.redhat.com/show_bug.cgi?id=2144876)
+- [cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137667)
+- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2143814)
+- [ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130019)
+- [journald - New role - journald - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165176)
+- [logging - [RFE] convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130362)
+- [metrics - [RFE] convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133532)
+- [nbde_server - [RFE] convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133931)
+- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143458)
+- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201)
+- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856)
+- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620)
+- [podman - [RFE] role for managing podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2066864)
+- [postfix - [RFE] convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130332)
+- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2143385)
+- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119600)
+- [vpn - [RFE] convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130345)
+
+### Bug Fixes
+
+- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167941)
+- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153081)
+- [ha_cluster - use no_log in tasks looping over pot. secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2127497)
+- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2159972)
+- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126960)
+- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168733)
+- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2164879)
+- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2143401)
+- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153080)
+
+[1.20.0] - 2022-08-09
+----------------------------
+
+### New Features
+
+- [cockpit - Add customization of port](https://bugzilla.redhat.com/show_bug.cgi?id=2115159)
+- [firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID](https://bugzilla.redhat.com/show_bug.cgi?id=2100939)
+- [firewall - support for firewall_config - gather firewall facts](https://bugzilla.redhat.com/show_bug.cgi?id=2115160)
+- [logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs](https://bugzilla.redhat.com/show_bug.cgi?id=2112143)
+- [selinux - Added setting of seuser and selevel for completeness](https://bugzilla.redhat.com/show_bug.cgi?id=2115162)
+
+### Bug Fixes
+
+- [nbde_client - Sets proper spacing for parameter rd.neednet=1](https://bugzilla.redhat.com/show_bug.cgi?id=2115161)
+- [network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence](https://bugzilla.redhat.com/show_bug.cgi?id=2115884)
+- [ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing](https://bugzilla.redhat.com/show_bug.cgi?id=2109997)
+- [storage - [RHEL8] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.](https://bugzilla.redhat.com/show_bug.cgi?id=2082391)
+
+[1.19.3] - 2022-07-01
+----------------------------
+
+### New Features
+
+- [firewall - support add/modify/delete services](https://bugzilla.redhat.com/show_bug.cgi?id=2100297)
+- [network - [RFE] [network] Support managing the network through nmstate schema](https://bugzilla.redhat.com/show_bug.cgi?id=2100979)
+- [storage - support for adding/removing disks to/from storage pools](https://bugzilla.redhat.com/show_bug.cgi?id=2066880)
+- [storage - support for attaching cache volumes to existing volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2066881)
+
+### Bug Fixes
+
+- [firewall - forward_port should accept list of string or list of dict](https://bugzilla.redhat.com/show_bug.cgi?id=2101607)
+- [metrics - document minimum supported redis version required by rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=2100285)
+- [metrics - restart pmie, pmlogger if changed, do not wait for handler](https://bugzilla.redhat.com/show_bug.cgi?id=2100298)
+
+[1.19.2] - 2022-06-15
+----------------------------
+
+### New Features
+
+- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935)
+
+### Bug Fixes
+
+- none
+
+[1.19.1] - 2022-06-13
+----------------------------
+
+### New Features
+
+- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876)
+- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008)
+
+### Bug Fixes
+
+- none
+
+[1.19.0] - 2022-06-06
+----------------------------
+
+### New Features
+
+- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876)
+- [firewall - state no longer required for masquerade and ICMP block inversion](https://bugzilla.redhat.com/show_bug.cgi?id=2093437)
+
+### Bug Fixes
+
+- [storage - role raid_level "striped" is not supported](https://bugzilla.redhat.com/show_bug.cgi?id=2083426)
+
+[1.18.0] - 2022-05-26
+----------------------------
+
+### New Features
+
+- [firewall - [Improvement] Allow System Role to reset to default Firewalld Settings](https://bugzilla.redhat.com/show_bug.cgi?id=2043009)
+- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114)
+- [network - Rework the infiniband support](https://bugzilla.redhat.com/show_bug.cgi?id=2086869)
+- [sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"](https://bugzilla.redhat.com/show_bug.cgi?id=2086934)
+- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935)
+
+### Bug Fixes
+
+- [storage - role cannot set mount_options for volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2083378)
+
+[1.17.0] - 2022-04-25
+----------------------------
+
+### New Features
+
+- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008)
+- [ha_cluster - support advanced corosync configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2065339)
+- [ha_cluster - support SBD fencing](https://bugzilla.redhat.com/show_bug.cgi?id=2066868)
+- [ha_cluster - add support for configuring bundle resources](https://bugzilla.redhat.com/show_bug.cgi?id=2073518)
+- [logging - Logging - RFE - support template, severity and facility options](https://bugzilla.redhat.com/show_bug.cgi?id=2075116)
+- [metrics - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065215)
+- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114)
+- [network - [RFE] Extend rhel-system-roles.network feature set to support routing rules](https://bugzilla.redhat.com/show_bug.cgi?id=1996731)
+- [network - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065670)
+- [postfix - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065216)
+- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065218)
+
+### Bug Fixes
+
+- [firewall - Firewall system role Ansible deprecation warning related to "include"](https://bugzilla.redhat.com/show_bug.cgi?id=2078650)
+- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060378)
+- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060377)
+- [nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2071011)
+- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064067)
+- [sshd - FIPS mode detection in SSHD role is wrong](https://bugzilla.redhat.com/show_bug.cgi?id=2075338)
+- [storage - RFE storage Less verbosity by default](https://bugzilla.redhat.com/show_bug.cgi?id=2056480)
+- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749)
+
+[1.16.3] - 2022-04-07
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749)
+
+[1.16.2] - 2022-04-06
+----------------------------
+
+### New Features
+
+- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+
+### Bug Fixes
+
+- none
+
+[1.16.1] - 2022-03-29
+----------------------------
+
+### New Features
+
+- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+
+### Bug Fixes
+
+- none
+
+[1.16.0] - 2022-03-22
+----------------------------
+
+### New Features
+
+- [network - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057656)
+- [metrics - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057645)
+- [postfix - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057661)
+- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default](https://bugzilla.redhat.com/show_bug.cgi?id=2044657)
+
+### Bug Fixes
+
+- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064388)
+
+[1.15.1] - 2022-03-03
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts](https://bugzilla.redhat.com/show_bug.cgi?id=2058772)
+- [timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml](https://bugzilla.redhat.com/show_bug.cgi?id=2058645)
+
+[1.15.0] - 2022-03-01
+----------------------------
+
+### New Features
+
+- [firewall - [RFE] - Firewall RHEL System Role should be able to set default zone](https://bugzilla.redhat.com/show_bug.cgi?id=2022458)
+
+### Bug Fixes
+
+- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2058655)
+- [firewall - ensure target changes take effect immediately](https://bugzilla.redhat.com/show_bug.cgi?id=2057172)
+
+[1.14.0] - 2022-02-14
+----------------------------
+
+### New Features
+
+- [network - [RFE] Add more bonding options to rhel-system-roles.network](https://bugzilla.redhat.com/show_bug.cgi?id=2008931)
+- [certificate - should consistently use ansible_managed in hook scripts](https://bugzilla.redhat.com/show_bug.cgi?id=2054364)
+- [tlog - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054363)
+- [vpn - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054365)
+
+### Bug Fixes
+
+- [ha_cluster - set permissions for haclient group](https://bugzilla.redhat.com/show_bug.cgi?id=2049747)
+
+[1.13.1] - 2022-02-08
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'](https://bugzilla.redhat.com/show_bug.cgi?id=2050341)
+- [kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.](https://bugzilla.redhat.com/show_bug.cgi?id=2052105)
+
+[1.13.0] - 2022-02-01
+----------------------------
+
+### New Features
+
+- [storage - RFE: Add support for RAID volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016514)
+- [storage - RFE: Add support for cached volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016511)
+- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
+- [ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)](https://bugzilla.redhat.com/show_bug.cgi?id=2041635)
+- [network - RFE: Support Routing Tables in static routes in Network Role](https://bugzilla.redhat.com/show_bug.cgi?id=2031521)
+
+### Bug Fixes
+
+- [metrics - role can't be re-run if the Grafana admin password has been changed](https://bugzilla.redhat.com/show_bug.cgi?id=1967321)
+- [network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection](https://bugzilla.redhat.com/show_bug.cgi?id=2034908)
+- [network - Set DNS search setting only for enabled IP protocols](https://bugzilla.redhat.com/show_bug.cgi?id=2041627)
+
+[1.12.0] - 2022-01-27
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [logging - Logging role "logging_purge_confs" option not properly working](https://bugzilla.redhat.com/show_bug.cgi?id=2040812)
+- [kernel_settings - role should use ansible_managed in its configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=2047504)
+
+[1.11.0] - 2022-01-20
+----------------------------
+
+### New Features
+
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
+- [ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure](https://bugzilla.redhat.com/show_bug.cgi?id=2029614)
+
+### Bug Fixes
+
+- [timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host](https://bugzilla.redhat.com/show_bug.cgi?id=2029463)
+- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
+- [kdump - kdump: support reboot required and reboot ok](https://bugzilla.redhat.com/show_bug.cgi?id=2029605)
+- [sshd - should detect FIPS mode and handle tasks correctly in FIPS mode](https://bugzilla.redhat.com/show_bug.cgi?id=1979714)
+
+[1.10.0] - 2021-11-08
+----------------------------
+
+### New Features
+
+- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
+- [firewall - Ansible Roles for RHEL Firewall](https://bugzilla.redhat.com/show_bug.cgi?id=1854988)
+- [firewall - RFE: firewall-system-role: add ability to add-source](https://bugzilla.redhat.com/show_bug.cgi?id=1932678)
+- [firewall - RFE: firewall-system-role: allow user defined zones](https://bugzilla.redhat.com/show_bug.cgi?id=1850768)
+- [firewall - RFE: firewall-system-role: allow specifying the zone](https://bugzilla.redhat.com/show_bug.cgi?id=1850753)
+- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
+- [network - role: Allow to specify PCI address to configure profiles](https://bugzilla.redhat.com/show_bug.cgi?id=1695634)
+- [network - [RFE] support wifi Enhanced Open (OWE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993379)
+- [network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993311)
+- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
+- [logging - [RFE]  logging - Add user and password](https://bugzilla.redhat.com/show_bug.cgi?id=2010327)
+
+### Bug Fixes
+
+- [Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`](https://bugzilla.redhat.com/show_bug.cgi?id=2006230)
+- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
+- [logging - Logging - Performance improvement](https://bugzilla.redhat.com/show_bug.cgi?id=2005727)
+- [nbde_client - add regenerate-all to the dracut command](https://bugzilla.redhat.com/show_bug.cgi?id=2021682)
+- [certificate - certificates: "group" option keeps certificates inaccessible to the group](https://bugzilla.redhat.com/show_bug.cgi?id=2021683)
+
+[1.7.3] - 2021-08-26
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1978488)
+
+### Bug Fixes
+
+- none
+
+[1.7.2] - 2021-08-24
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [logging - Update the certificates copy tasks](https://bugzilla.redhat.com/show_bug.cgi?id=1996777)
+
+[1.7.1] - 2021-08-16
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [metrics - role: the bpftrace role does not properly configure bpftrace agent](https://bugzilla.redhat.com/show_bug.cgi?id=1994180)
+
+[1.7.0] - 2021-08-12
+----------------------------
+
+### New Features
+
+- [drop support for Ansible 2.8](https://bugzilla.redhat.com/show_bug.cgi?id=1989197)
+
+### Bug Fixes
+
+- [sshd - sshd: failed to validate: error:Missing Match criteria for all Bad Match condition](https://bugzilla.redhat.com/show_bug.cgi?id=1991598)
+
+[1.6.6] - 2021-08-06
+----------------------------
+
+### New Features
+
+- [logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output](https://bugzilla.redhat.com/show_bug.cgi?id=1986460)
+
+### Bug Fixes
+
+- none
+
+[1.6.2] - 2021-07-30
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [metrics - role: Grafana dashboard not working after metrics role run unless services manually restarted](https://bugzilla.redhat.com/show_bug.cgi?id=1984150)
+
+[1.6.0] - 2021-07-28
+----------------------------
+
+### New Features
+
+- [storage - [RFE] storage: support volume sizes as a percentage of pool](https://bugzilla.redhat.com/show_bug.cgi?id=1984583)
+
+### Bug Fixes
+
+- none
+
+[1.5.0] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [ha_cluster - RFE: ha_cluster - add pacemaker cluster properties configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1982913)
+
+### Bug Fixes
+
+- none
+
+[1.4.3] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [crypto_policies - rename 'policy modules' to 'subpolicies'](https://bugzilla.redhat.com/show_bug.cgi?id=1982896)
+
+### Bug Fixes
+
+- none
+
+[1.4.2] - 2021-07-15
+----------------------------
+
+### New Features
+
+- [storage - storage: relabel doesn't support](https://bugzilla.redhat.com/show_bug.cgi?id=1876315)
+
+### Bug Fixes
+
+- none
+
+[1.4.1] - 2021-07-09
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [network - Re-running the network system role results in "changed: true" when nothing has actually changed](https://bugzilla.redhat.com/show_bug.cgi?id=1943384)
+
+[1.4.0] - 2021-07-08
+----------------------------
+
+### New Features
+
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
+
+### Bug Fixes
+
+- none
+
+[1.3.0] - 2021-06-23
+----------------------------
+
+### New Features
+
+- [ha_cluster - RFE: add pacemaker resources configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1963283)
+- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
+- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
+- [sshd - RFE: sshd - support for appending a snippet to configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=1970642)
+- [timesync - RFE: timesync support for Network Time Security (NTS)](https://bugzilla.redhat.com/show_bug.cgi?id=1970664)
+
+### Bug Fixes
+
+- [postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section](https://bugzilla.redhat.com/show_bug.cgi?id=1961858)
+- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1960375)
+- [selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8](https://bugzilla.redhat.com/show_bug.cgi?id=1966681)
+- [metrics - role task to enable logging for targeted hosts not working](https://bugzilla.redhat.com/show_bug.cgi?id=1967335)
+- [sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode](https://bugzilla.redhat.com/show_bug.cgi?id=1966711)
+
+[1.2.3] - 2021-06-17
+----------------------------
+
+### New Features
+
+- [main.yml: Add EL 9 support for all roles](https://bugzilla.redhat.com/show_bug.cgi?id=1952887)
+
+### Bug Fixes
+
+- none
+
+[1.2.2] - 2021-06-15
+----------------------------
+
+### New Features
+
+- [timesync - Add hybrid_e2e option to PTP domain](https://bugzilla.redhat.com/show_bug.cgi?id=1957849)
+
+### Bug Fixes
+
+- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
+- [ha_cluster - cannot read preshared key in binary format](https://bugzilla.redhat.com/show_bug.cgi?id=1952620)
+
+[1.2.1] - 2021-05-21
+----------------------------
+
+### New Features
+
+- none
+
+### Bug Fixes
+
+- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
+
+[1.2.0] - 2021-05-17
+----------------------------
+
+### New Features
+
+- [network - role: Support ethtool -G|--set-ring options](https://bugzilla.redhat.com/show_bug.cgi?id=1959649)
+
+### Bug Fixes
+
+- [postfix - postfix: Use FQRN in README](https://bugzilla.redhat.com/show_bug.cgi?id=1958963)
+- [postfix - Documentation error in rhel-system-roles postfix readme file](https://bugzilla.redhat.com/show_bug.cgi?id=1866544)
+- [storage - storage: calltrace observed when set type: partition for storage_pools](https://bugzilla.redhat.com/show_bug.cgi?id=1854187)
+
+[1.1.0] - 2021-05-13
+----------------------------
+
+### New Features
+
+- [timesync - [RFE] support for free form configuration for chrony](https://bugzilla.redhat.com/show_bug.cgi?id=1938023)
+- [timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter](https://bugzilla.redhat.com/show_bug.cgi?id=1938016)
+- [timesync - [RFE] support for ntp xleave, filter, and hw timestamping](https://bugzilla.redhat.com/show_bug.cgi?id=1938020)
+- [selinux - [RFE] Ability to install custom SELinux module via Ansible](https://bugzilla.redhat.com/show_bug.cgi?id=1848683)
+- [network - support for ipv6_disabled to disable ipv6 for address](https://bugzilla.redhat.com/show_bug.cgi?id=1939711)
+- [vpn - [RFE] Release Ansible role for vpn in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1943679)
+
+### Bug Fixes
+
+- [Bug fixes for Collection/Automation Hub](https://bugzilla.redhat.com/show_bug.cgi?id=1954747)
+- [timesync - do not use ignore_errors in timesync role](https://bugzilla.redhat.com/show_bug.cgi?id=1938014)
+- [selinux - rhel-system-roles should not reload the SELinux policy if its not changed](https://bugzilla.redhat.com/show_bug.cgi?id=1757869)
+
+[1.0.0] - 2021-02-23
+----------------------------
+
+### New Features
+
+- [network - RFE: [network] Support of DNS with options](https://bugzilla.redhat.com/show_bug.cgi?id=1893959)
+- [network - RFE: [network] Embrace Inclusive language](https://bugzilla.redhat.com/show_bug.cgi?id=1893957)
+- [ssh - [8.4] [RFE] Release Ansible role for ssh client in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893712)
+- [clusterha - [8.4] [RFE] Release Ansible role for cluster HA in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893743)
+- [logging - Logging - Support RELP secure transport in the logging role configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1889484)
+- [metrics - [8.4] [RFE] add exporting-metric-data-to-elasticsearch functionality in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1895188)
+- [metrics - release SQL server configuration support in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1893908)
+- [[8.4] Package rhel-system-roles in the collection format in addition to the legacy role format](https://bugzilla.redhat.com/show_bug.cgi?id=1893906)
+
+### Bug Fixes
+
+- [logging - Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.](https://bugzilla.redhat.com/show_bug.cgi?id=1927943)
+- [storage - storage: omitted parameters on existing pool/volume is interpreted as "use the default"](https://bugzilla.redhat.com/show_bug.cgi?id=1894651)
+- [storage - storage: must list disks in order to identify an existing pool](https://bugzilla.redhat.com/show_bug.cgi?id=1894676)
+- [storage - storage: pool metadata usage must be accounted for by the user](https://bugzilla.redhat.com/show_bug.cgi?id=1894647)
+- [selinux - Merged fix incorrect default value (there is no variable named "present")](https://bugzilla.redhat.com/show_bug.cgi?id=1926947)
+- [storage - storage: tests_luks.yml partition case failed with nvme disk](https://bugzilla.redhat.com/show_bug.cgi?id=1865990)
+
+[1.0] - 2021-01-15
+----------------------------
+
+### New Features
+
+- [tlog - Add exclude_users and exclude_groups support](https://bugzilla.redhat.com/show_bug.cgi?id=1895472)
+- [crypto_policies - [8.4] [RFE] Release Ansible role for crypto policies in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893699)
+- [sshd - [8.4] [RFE] Release Ansible role for sshd in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893696)
+- [metrics - role should automate the setup of Grafana datasources](https://bugzilla.redhat.com/show_bug.cgi?id=1855544)
+- [network role: Support -K|--features|--offload ethtool options](https://bugzilla.redhat.com/show_bug.cgi?id=1696703)
+- [network role: Atomic changes](https://bugzilla.redhat.com/show_bug.cgi?id=1695161)
+
+### Bug Fixes
+
+- [storage - safe mode of storage role does not prevent accidentally losing data when toggling encryption on a volume, disk or pool](https://bugzilla.redhat.com/show_bug.cgi?id=1881524)
+- [storage - storage: ext2/3/4 resize function doesn't work](https://bugzilla.redhat.com/show_bug.cgi?id=1862867)
+- [logging - [logging role] cannot setup machine with tls](https://bugzilla.redhat.com/show_bug.cgi?id=1861318)
+- [certificate - role: The role is not idempotent in rhel7](https://bugzilla.redhat.com/show_bug.cgi?id=1859547)
+- [logging - Logging - Bug fixes](https://bugzilla.redhat.com/show_bug.cgi?id=1854546)
+- [logging - [logging role] support scenario for client without key/cert, just CA cert](https://bugzilla.redhat.com/show_bug.cgi?id=1860896)
+- [metrics - role incorrectly sets up multiple primary pmie processes in multi-host mode](https://bugzilla.redhat.com/show_bug.cgi?id=1855539)
+- [certificate - role cannot manage EL7 hosts](https://bugzilla.redhat.com/show_bug.cgi?id=1848745)
+- [network - [network] Support state:down persistent_state:absent for non-existent profile](https://bugzilla.redhat.com/show_bug.cgi?id=1822777)
+- [network - Creating active bonded interface fails with the initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=1848472)
+- [logging - Logging role had performance issues](https://bugzilla.redhat.com/show_bug.cgi?id=1848762)
+- [certificate - role does not work on controller hosts which use jinja2 2.10](https://bugzilla.redhat.com/show_bug.cgi?id=1848742)
+- [nbde_client - fix idempotency, check_mode issues with nbde_client role](https://bugzilla.redhat.com/show_bug.cgi?id=1848766)
+- [storage - Storage role can remove existing filesystems and volume groups without warning](https://bugzilla.redhat.com/show_bug.cgi?id=1763242)
+- [network role: Minimize service disruption](https://bugzilla.redhat.com/show_bug.cgi?id=1695157)
+- [typo in selinux/tests/tests_selinux_disabled.yml: Invalid options for assert: mgs](https://bugzilla.redhat.com/show_bug.cgi?id=1677743)
+- [Check mode problems in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1685904)
+
+[0.6] - 2018-05-11
+----------------------------
+
+### New Features
+
+- [RFE: Ansible rhel-system-roles.network: add ETHTOOL_OPTS, LINKDELAY, IPV4_FAILURE_FATAL](https://bugzilla.redhat.com/show_bug.cgi?id=1478576)
+
+### Bug Fixes
+
+- none

SOURCES/CHANGELOG.rst

@@ -0,0 +1 @@
+See docs/CHANGELOG.md

SOURCES/ansible-packaging.inc

@@ -0,0 +1,21 @@
+# Helper macros originally from macros.ansible by Igor Raits <ignatenkobrain>
+# This file is for maintaining the compatibility with macros and other
+# functionality (generators) provided by ansible-packaging on Fedora.
+
+Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version}
+
+# ansible-galaxy is available by ansible-core on RHEL 8.6 and newer at buildtime.
+%define ansible_collection_build() ansible-galaxy collection build
+%define ansible_collection_install() ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz
+
+%define ansible_roles_dir %{_datadir}/ansible/roles
+%define ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections
+
+# TODO: Officially deprecate this macro and add the following line to the macro
+# def after the new approach has gotten more testing and adoption:
+# %%{warn: %%{ansible_collection_files} is deprecated. Use %%files -f %%{ansible_collection_filelist} instead.}
+%define ansible_collection_files %{shrink:
+%{ansible_collections_dir}/%{collection_namespace}/
+}
+
+%define ansible_collection_filelist %{__ansible_builddir}/ansible_collection_files

SOURCES/ansible-sshd.patch

@@ -1,428 +0,0 @@
-From e3004a25d680a17852ade20fa7438b5d4acfc470 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 10:42:17 +0200
-Subject: [PATCH 1/7] Update templates to apply FIPS hostkeys filter
-
-This fixes up the commit 7f69d1e6
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- templates/sshd_config.j2         | 6 +++++-
- templates/sshd_config_snippet.j2 | 6 +++++-
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
-index 15ee668..8c7f322 100644
---- a/templates/sshd_config.j2
-+++ b/templates/sshd_config.j2
-@@ -22,7 +22,11 @@
- {%   elif sshd[key] is defined %}
- {%     set value = sshd[key] %}
- {%   elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
--{%     set value = __sshd_defaults[key] %}
-+{%     if key == 'HostKey' and __sshd_fips_mode %}
-+{%       set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %}
-+{%     else %}
-+{%       set value = __sshd_defaults[key] %}
-+{%     endif %}
- {%   endif %}
- {{ render_option(key,value) -}}
- {% endmacro %}
-diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
-index 6766e09..6b23c76 100644
---- a/templates/sshd_config_snippet.j2
-+++ b/templates/sshd_config_snippet.j2
-@@ -21,7 +21,11 @@
- {%   elif sshd[key] is defined %}
- {%     set value = sshd[key] %}
- {%   elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
--{%     set value = __sshd_defaults[key] %}
-+{%     if key == 'HostKey' and __sshd_fips_mode %}
-+{%       set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %}
-+{%     else %}
-+{%       set value = __sshd_defaults[key] %}
-+{%     endif %}
- {%   endif %}
- {{ render_option(key,value) -}}
- {% endmacro %}
--- 
-2.34.1
-
-
-From 8ee135cbd9ea63e4345a5ec618d64d14f6b03eee Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 11:10:27 +0200
-Subject: [PATCH 2/7] Set explicit path to the main configuration file to work
- well with the drop-in directory
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/tests_alternative_file.yml      | 2 ++
- tests/tests_alternative_file_role.yml | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml
-index 0a8ccaf..215c726 100644
---- a/tests/tests_alternative_file.yml
-+++ b/tests/tests_alternative_file.yml
-@@ -6,6 +6,7 @@
-       - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
-       - /etc/ssh/sshd_config_custom
-       - /etc/ssh/sshd_config_custom_second
-+      - /tmp/ssh_host_ecdsa_key
-   tasks:
-     - name: "Backup configuration files"
-       include_tasks: tasks/backup.yml
-@@ -52,6 +53,7 @@
-       include_role:
-         name: ansible-sshd
-       vars:
-+        sshd_config_file: /etc/ssh/sshd_config
-         sshd:
-           Banner: /etc/issue
-           Ciphers: aes192-ctr
-diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml
-index 9177709..3e7c7ea 100644
---- a/tests/tests_alternative_file_role.yml
-+++ b/tests/tests_alternative_file_role.yml
-@@ -6,6 +6,7 @@
-       - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
-       - /etc/ssh/sshd_config_custom
-       - /etc/ssh/sshd_config_custom_second
-+      - /tmp/ssh_host_ecdsa_key
-   tasks:
-     - name: "Backup configuration files"
-       include_tasks: tasks/backup.yml
-@@ -57,6 +58,7 @@
-   roles:
-     - ansible-sshd
-   vars:
-+    sshd_config_file: /etc/ssh/sshd_config
-     sshd:
-       Banner: /etc/issue
-       Ciphers: aes192-ctr
--- 
-2.34.1
-
-
-From 041e86952d14b5c90795fb553e7ba942d541a6b3 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 11:17:12 +0200
-Subject: [PATCH 3/7] tests: Fix OS detection to match also CentOS 9
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/tasks/setup.yml | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml
-index 90a3f00..a0e9324 100644
---- a/tests/tasks/setup.yml
-+++ b/tests/tasks/setup.yml
-@@ -26,6 +26,5 @@
-     main_sshd_config_name: 00-ansible_system_role.conf
-     main_sshd_config_path: /etc/ssh/sshd_config.d/
-   when: >
--    ansible_facts['distribution'] == 'Fedora' or
--    (ansible_facts['distribution'] == 'RedHat' and
--     ansible_facts['distribution_major_version']|int > 8)
-+    ansible_facts['os_family'] == 'RedHat' and
-+    ansible_facts['distribution_major_version']|int > 8
--- 
-2.34.1
-
-
-From e33f2f5bb874aa786ac0c81e8ef63509033f6644 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 11:20:34 +0200
-Subject: [PATCH 4/7] tests: Slurp the correct file when writing main config
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/tests_alternative_file.yml      | 2 +-
- tests/tests_alternative_file_role.yml | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml
-index 215c726..172c73a 100644
---- a/tests/tests_alternative_file.yml
-+++ b/tests/tests_alternative_file.yml
-@@ -82,7 +82,7 @@
- 
-         - name: Print the main configuration file
-           slurp:
--            src: "{{ main_sshd_config }}"
-+            src: /etc/ssh/sshd_config
-           register: config3
- 
-         - name: Check content of first configuration file
-diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml
-index 3e7c7ea..09fbce4 100644
---- a/tests/tests_alternative_file_role.yml
-+++ b/tests/tests_alternative_file_role.yml
-@@ -98,7 +98,7 @@
- 
-         - name: Print the main configuration file
-           slurp:
--            src: "{{ main_sshd_config }}"
-+            src: /etc/ssh/sshd_config
-           register: config3
- 
-         - name: Check content of first configuration file
--- 
-2.34.1
-
-
-From 8d91dcecd000e7843ad9e827c3d2e6e04ce05e8d Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 6 Apr 2022 20:28:32 +0200
-Subject: [PATCH 5/7] Unbreak FIPS detection and hostkey filtering
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tasks/install.yml | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/tasks/install.yml b/tasks/install.yml
-index f1d8455..571281c 100644
---- a/tasks/install.yml
-+++ b/tasks/install.yml
-@@ -40,10 +40,11 @@
- 
- - name: Make sure hostkeys are available and have expected permissions
-   vars: &share_vars
-+    # 'MAo=' evaluates to '0\n' in base 64 encoding, which is default
-     __sshd_fips_mode: >-
--      - __sshd_hostkeys_nofips | d([])
--      - __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \
--        __sshd_userspace_fips_mode.content | b64decode != "0" | bool
-+      {{ __sshd_hostkeys_nofips | d([]) and
-+         (__sshd_kernel_fips_mode.content | d('MAo=') | b64decode | trim == '1' or
-+          __sshd_userspace_fips_mode.content | d('MAo=') | b64decode | trim != '0') }}
-     # This mimics the macro body_option() in sshd_config.j2
-     # The explicit to_json filter is needed for Python 2 compatibility
-     __sshd_hostkeys_from_config: >-
-@@ -58,14 +59,14 @@
-           {{ __sshd_defaults['HostKey'] | to_json }}
-         {% endif %}
-       {% else %}
--        []
-+        {{ [] | to_json }}
-       {% endif %}
-     __sshd_verify_hostkeys: >-
-       {% if not sshd_verify_hostkeys %}
--        []
-+        {{ [] | to_json }}
-       {% elif sshd_verify_hostkeys == 'auto' %}
--        {% if sshd_HostKey is string %}
--          [ {{ __sshd_hostkeys_from_config }} ]
-+        {% if __sshd_hostkeys_from_config | from_json is string %}
-+          {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
-         {% else %}
-           {{ __sshd_hostkeys_from_config }}
-         {% endif %}
--- 
-2.34.1
-
-
-From d839fb207e29cbbbc1d256260190f113c332ecba Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 11 Apr 2022 13:06:24 +0200
-Subject: [PATCH 6/7] tests: Add negative test for FIPS mode
-
-This fixes also a typo that was overlooked previously
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- tests/tests_hostkeys_fips.yml | 53 ++++++++++++++++++++++++++++++-----
- 1 file changed, 46 insertions(+), 7 deletions(-)
-
-diff --git a/tests/tests_hostkeys_fips.yml b/tests/tests_hostkeys_fips.yml
-index 65cc765..7cf3767 100644
---- a/tests/tests_hostkeys_fips.yml
-+++ b/tests/tests_hostkeys_fips.yml
-@@ -4,13 +4,52 @@
-     __sshd_test_backup_files:
-       - /etc/ssh/sshd_config
-       - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
--      - /etc/ssh/ssh_host_ed255519_key
--      - /etc/ssh/ssh_host_ed255519_key.pub
-+      - /etc/ssh/ssh_host_ed25519_key
-+      - /etc/ssh/ssh_host_ed25519_key.pub
-       - /etc/system-fips
-   tasks:
-     - name: "Backup configuration files"
-       include_tasks: tasks/backup.yml
- 
-+    - name: Run the role with default parameters without FIPS mode
-+      include_role:
-+        name: ansible-sshd
-+
-+    - name: Verify the options are correctly set
-+      block:
-+        - meta: flush_handlers
-+
-+        - name: Print current configuration file
-+          slurp:
-+            src: "{{ main_sshd_config }}"
-+          register: config
-+
-+        - name: Get stat of private key
-+          stat:
-+            path: /etc/ssh/ssh_host_ed25519_key
-+          register: privkey
-+
-+        - name: Get stat of public key
-+          stat:
-+            path: /etc/ssh/ssh_host_ed25519_key.pub
-+          register: pubkey
-+
-+        - name: Check the key is in configuration file (without include)
-+          assert:
-+            that:
-+              - "'HostKey /etc/ssh/ssh_host_ed25519_key' in config.content | b64decode"
-+          when:
-+            - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int < 9
-+
-+        - name: Check host key was generated
-+          assert:
-+            that:
-+              - privkey.stat.exists
-+              - pubkey.stat.exists
-+      when:
-+        - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int > 6
-+      tags: tests::verify
-+
-     - name: Fake FIPS mode
-       block:
-         - name: Create temporary directory
-@@ -40,13 +79,13 @@
-     - name: Remove the Ed25519 hostkey
-       file:
-         path:
--          /etc/ssh/ssh_host_ed255519_key
-+          /etc/ssh/ssh_host_ed25519_key
-         state: absent
- 
-     - name: Remove the Ed25519 pubkey
-       file:
-         path:
--          /etc/ssh/ssh_host_ed255519_key.pub
-+          /etc/ssh/ssh_host_ed25519_key.pub
-         state: absent
- 
-     - name: Run the role with default parameters
-@@ -64,18 +103,18 @@
- 
-         - name: Get stat of private key
-           stat:
--            path: /etc/ssh/ssh_host_ed255519_key
-+            path: /etc/ssh/ssh_host_ed25519_key
-           register: privkey
- 
-         - name: Get stat of public key
-           stat:
--            path: /etc/ssh/ssh_host_ed255519_key.pub
-+            path: /etc/ssh/ssh_host_ed25519_key.pub
-           register: pubkey
- 
-         - name: Check the key is not in configuration file
-           assert:
-             that:
--              - "'HostKey /etc/ssh/ssh_host_ed255519_key' not in config.content | b64decode"
-+              - "'HostKey /etc/ssh/ssh_host_ed25519_key' not in config.content | b64decode"
- 
-         - name: Check no host key was generated
-           assert:
--- 
-2.34.1
-
-
-From 2a49697fa4bb6281796e76a4b7ee34c356f802cc Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 11 Apr 2022 13:07:44 +0200
-Subject: [PATCH 7/7] Introduce default hostkeys to check when using drop-in
- directory
-
-Previously no hostkeys were checked if they were not present
-in the generated configuration file. When the drop-in directory is
-used, usually, there are no hostkeys in that file and no sanity
-check for hostkeys was executed.
-
-This amends the "auto" value for the hostkeys check to allow checking
-for default hostkeys that are read by OpenSSH by default.
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- defaults/main.yml | 1 +
- tasks/install.yml | 8 +++++++-
- vars/Fedora.yml   | 6 ++++++
- vars/RedHat_9.yml | 6 ++++++
- 4 files changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/defaults/main.yml b/defaults/main.yml
-index 18d6114..7e40e51 100644
---- a/defaults/main.yml
-+++ b/defaults/main.yml
-@@ -61,6 +61,7 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server
- # configuration or restarting), we make sure the keys exist and have correct
- # permissions. To disable this check, set sshd_verify_hostkeys to false
- sshd_verify_hostkeys: "auto"
-+__sshd_verify_hostkeys_default: []
- sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
- sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
- sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
-diff --git a/tasks/install.yml b/tasks/install.yml
-index 571281c..fa7d3c3 100644
---- a/tasks/install.yml
-+++ b/tasks/install.yml
-@@ -65,7 +65,13 @@
-       {% if not sshd_verify_hostkeys %}
-         {{ [] | to_json }}
-       {% elif sshd_verify_hostkeys == 'auto' %}
--        {% if __sshd_hostkeys_from_config | from_json is string %}
-+        {% if not __sshd_hostkeys_from_config | from_json %}
-+          {% if __sshd_fips_mode %}
-+            {{ __sshd_verify_hostkeys_default | difference(__sshd_hostkeys_nofips) | to_json }}
-+          {% else %}
-+            {{ __sshd_verify_hostkeys_default | to_json }}
-+          {% endif %}
-+        {% elif __sshd_hostkeys_from_config | from_json is string %}
-           {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
-         {% else %}
-           {{ __sshd_hostkeys_from_config }}
-diff --git a/vars/Fedora.yml b/vars/Fedora.yml
-index 77bf172..cf2b081 100644
---- a/vars/Fedora.yml
-+++ b/vars/Fedora.yml
-@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
- __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
- __sshd_defaults:
- __sshd_os_supported: yes
-+__sshd_verify_hostkeys_default:
-+  - /etc/ssh/ssh_host_rsa_key
-+  - /etc/ssh/ssh_host_ecdsa_key
-+  - /etc/ssh/ssh_host_ed25519_key
-+__sshd_hostkeys_nofips:
-+  - /etc/ssh/ssh_host_ed25519_key
- __sshd_hostkey_group: ssh_keys
- __sshd_hostkey_mode: "0640"
-diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml
-index 33df26a..55239f4 100644
---- a/vars/RedHat_9.yml
-+++ b/vars/RedHat_9.yml
-@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
- __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
- __sshd_defaults:
- __sshd_os_supported: yes
-+__sshd_verify_hostkeys_default:
-+  - /etc/ssh/ssh_host_rsa_key
-+  - /etc/ssh/ssh_host_ecdsa_key
-+  - /etc/ssh/ssh_host_ed25519_key
-+__sshd_hostkeys_nofips:
-+  - /etc/ssh/ssh_host_ed25519_key
- __sshd_hostkey_group: ssh_keys
- __sshd_hostkey_mode: "0640"
--- 
-2.34.1
-

SOURCES/extrasources.inc

@@ -0,0 +1,10 @@
+Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
+Source901: https://galaxy.ansible.com/download/community-general-8.3.0.tar.gz
+Source902: https://galaxy.ansible.com/download/containers-podman-1.12.0.tar.gz
+
+Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
+Provides: bundled(ansible-collection(community.general)) = 8.3.0
+Provides: bundled(ansible-collection(containers.podman)) = 1.12.0
+
+Source996: CHANGELOG.rst
+Source998: collection_readme.sh

SOURCES/network-disable-bondtests.diff

@@ -1,65 +0,0 @@
-From d6c8319f52f3859b28044841063adf0013df878b Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Thu, 25 Mar 2021 13:57:45 -0600
-Subject: [PATCH 3/4] Patch53: network-disable-bondtests.diff
-
----
- tests/playbooks/tests_bond.yml              | 2 ++
- tests/playbooks/tests_bond_deprecated.yml   | 2 ++
- tests/tests_bond_deprecated_initscripts.yml | 1 +
- tests/tests_bond_initscripts.yml            | 1 +
- 4 files changed, 6 insertions(+)
-
-diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
-index 1e45788..d3005a6 100644
---- a/tests/playbooks/tests_bond.yml
-+++ b/tests/playbooks/tests_bond.yml
-@@ -8,6 +8,8 @@
-     dhcp_interface1: test1
-     port2_profile: bond0.1
-     dhcp_interface2: test2
-+  tags:
-+    - "tests::expfail"
-   tasks:
-     - name: "INIT Prepare setup"
-       debug:
-diff --git a/tests/playbooks/tests_bond_deprecated.yml b/tests/playbooks/tests_bond_deprecated.yml
-index f37e19a..ae475c4 100644
---- a/tests/playbooks/tests_bond_deprecated.yml
-+++ b/tests/playbooks/tests_bond_deprecated.yml
-@@ -8,6 +8,8 @@
-     dhcp_interface1: test1
-     port2_profile: bond0.1
-     dhcp_interface2: test2
-+  tags:
-+    - "tests::expfail"
-   tasks:
-     - name: "INIT Prepare setup"
-       debug:
-diff --git a/tests/tests_bond_deprecated_initscripts.yml b/tests/tests_bond_deprecated_initscripts.yml
-index 383b488..cdf3de0 100644
---- a/tests/tests_bond_deprecated_initscripts.yml
-+++ b/tests/tests_bond_deprecated_initscripts.yml
-@@ -10,6 +10,7 @@
-         network_provider: initscripts
-       tags:
-         - always
-+        - "tests::expfail"
- 
- - import_playbook: playbooks/tests_bond_deprecated.yml
-   when: (ansible_distribution in ['CentOS','RedHat'] and
-diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
-index 8fa74c5..6a231c4 100644
---- a/tests/tests_bond_initscripts.yml
-+++ b/tests/tests_bond_initscripts.yml
-@@ -10,6 +10,7 @@
-         network_provider: initscripts
-       tags:
-         - always
-+        - "tests::expfail"
- 
- - import_playbook: playbooks/tests_bond.yml
-   when: (ansible_distribution in ['CentOS','RedHat'] and
--- 
-2.30.2
-

SOURCES/vendoring-build.inc

@@ -0,0 +1,102 @@
+# maps the source file to the roles that use that file
+# value can be string or space delimited list of strings
+# role name `__collection` means - do not vendor into
+# role, just vendor directly into the collection
+declare -A plugin_map=(
+  [ansible/posix/plugins/modules/selinux.py]=selinux
+  [ansible/posix/plugins/modules/seboolean.py]=selinux
+  [ansible/posix/plugins/modules/mount.py]=storage
+  [ansible/posix/plugins/modules/rhel_facts.py]=__collection
+  [ansible/posix/plugins/modules/rhel_rpm_ostree.py]=__collection
+  [ansible/posix/plugins/module_utils/mount.py]=storage
+  [community/general/plugins/modules/ini_file.py]="tlog ad_integration"
+  [community/general/plugins/modules/modprobe.py]=ha_cluster
+  [community/general/plugins/modules/redhat_subscription.py]=rhc
+  [community/general/plugins/modules/rhsm_release.py]=rhc
+  [community/general/plugins/modules/rhsm_repository.py]=rhc
+  [community/general/plugins/modules/seport.py]=selinux
+  [community/general/plugins/modules/sefcontext.py]=selinux
+  [community/general/plugins/modules/selogin.py]=selinux
+  [containers/podman/plugins/modules/podman_container_info.py]=podman
+  [containers/podman/plugins/modules/podman_image.py]=podman
+  [containers/podman/plugins/modules/podman_play.py]=podman
+  [containers/podman/plugins/modules/podman_secret.py]=podman
+  [containers/podman/plugins/module_utils/podman/common.py]=podman
+)
+
+declare -a modules mod_utils collection_plugins
+declare -A dests
+# vendor in plugin files - fix documentation, fragments
+for src in "${!plugin_map[@]}"; do
+  roles="${plugin_map["$src"]}"
+  if [ "$roles" = __collection ]; then
+    collection_plugins+=("$src")
+  else
+    case "$src" in
+    */plugins/modules/*) srcdir=plugins/modules; subdir=library; modules+=("$src") ;;
+    */plugins/module_utils/*) srcdir=plugins/module_utils; mod_utils+=("$src") ;;
+    */plugins/action/*) srcdir=plugins/action ;;
+    esac
+  fi
+  for role in $roles; do
+    if [ "$role" = __collection ]; then
+      dest="%{collection_build_path}/plugins${src/#*plugins/}"
+      dests["$dest"]=__collection
+    else
+      case "$src" in
+      */plugins/module_utils/*) subdir="module_utils/${role}_lsr" ;;
+      esac
+      dest="$role/${src/#*${srcdir}/${subdir}}"
+      dests["$dest"]="$role"
+    fi
+    destdir="$(dirname "$dest")"
+    if [ ! -d "$destdir" ]; then
+      mkdir -p "$destdir"
+    fi
+    cp -pL ".external/$src" "$dest"
+    sed -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this plugin directly! It is only for role internal use.\n\1/' \
+      -e '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' \
+      -i "$dest"
+  done
+done
+
+# remove the temporary .external directory after vendoring
+rm -rf .external
+
+# fix python imports to point from the old name to the new name
+for dest in "${!dests[@]}"; do
+  role="${dests["$dest"]}"
+  for module in "${modules[@]}"; do
+    python_name="$(dirname "$module")"
+    python_name="${python_name////[.]}"
+    sed -e "s/ansible_collections[.]${python_name}[.]/ansible.modules./" -i "$dest"
+  done
+  for mod_util in "${mod_utils[@]}"; do
+    # some mod_utils have subdirs, some do not
+    split=(${mod_util//// })
+    python_name="ansible_collections[.]${split[0]}[.]${split[1]}[.]plugins[.]module_utils[.]"
+    sed -e "s/${python_name}/ansible.module_utils.${role}_lsr./" -i "$dest"
+  done
+  for plugin in "${collection_plugins[@]}"; do
+    python_name="$(dirname "$plugin")"
+    dest_python_name="%{collection_namespace}/%{collection_name}/plugins${python_name/#*plugins/}"
+    src_python_name="ansible_collections.${python_name////[.]}"
+    dest_python_name="ansible_collections.${dest_python_name////.}"
+    sed -e "s/${src_python_name}/${dest_python_name}/" -i "$dest"
+  done
+done
+
+# Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role
+# Replacing "fedora.linux_system_roles." with "redhat.rhel_system_roles" in each role
+# This is for the "roles calling other roles" case
+# for podman, change the FQCN - using a non-FQCN module name doesn't seem to work,
+# even for the legacy role format
+for rolename in %{rolenames}; do
+    find "$rolename" -type f -exec \
+         sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
+             -e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
+             -e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
+             -e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
+             -e "s/ansible[.]posix[.]/%{collection_namespace}.%{collection_name}./g" \
+             -i {} \;
+done

SOURCES/vendoring-prep.inc

@@ -0,0 +1,12 @@
+# Untar vendored collection tarballs to corresponding directories
+for file in %{SOURCE801} %{SOURCE901} %{SOURCE902}; do
+    if [[ "$(basename $file)" =~ ([^-]+)-([^-]+)-(.+).tar.gz ]]; then
+        ns=${BASH_REMATCH[1]}
+        name=${BASH_REMATCH[2]}
+        ver=${BASH_REMATCH[3]}
+        mkdir -p .external/$ns/$name
+        pushd .external/$ns/$name > /dev/null
+        tar xfz "$file"
+        popd > /dev/null
+    fi
+done