Compare commits
4 Commits
imports/c8
...
c8
Author | SHA1 | Date | |
---|---|---|---|
260649931c | |||
0afba46f9c | |||
|
bfd57292a0 | ||
|
c20a826a95 |
57
.gitignore
vendored
57
.gitignore
vendored
@ -1,23 +1,34 @@
|
|||||||
SOURCES/ansible-posix-1.3.0.tar.gz
|
SOURCES/ad_integration-1.4.2.tar.gz
|
||||||
SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
|
SOURCES/ansible-posix-1.5.4.tar.gz
|
||||||
SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
|
SOURCES/ansible-sshd-v0.23.2.tar.gz
|
||||||
SOURCES/certificate-1.1.3.tar.gz
|
SOURCES/auto-maintenance-11ad785c9bb72611244e7909450ca4247e12db4d.tar.gz
|
||||||
SOURCES/cockpit-1.2.1.tar.gz
|
SOURCES/bootloader-1.0.3.tar.gz
|
||||||
SOURCES/community-general-4.6.0.tar.gz
|
SOURCES/certificate-1.3.3.tar.gz
|
||||||
SOURCES/crypto_policies-1.2.3.tar.gz
|
SOURCES/cockpit-1.5.5.tar.gz
|
||||||
SOURCES/firewall-1.1.0.tar.gz
|
SOURCES/community-general-8.3.0.tar.gz
|
||||||
SOURCES/ha_cluster-1.4.1.tar.gz
|
SOURCES/containers-podman-1.12.0.tar.gz
|
||||||
SOURCES/kdump-1.2.2.tar.gz
|
SOURCES/crypto_policies-1.3.2.tar.gz
|
||||||
SOURCES/kernel_settings-1.1.6.tar.gz
|
SOURCES/fapolicyd-1.1.1.tar.gz
|
||||||
SOURCES/logging-1.8.1.tar.gz
|
SOURCES/firewall-1.7.4.tar.gz
|
||||||
SOURCES/metrics-1.5.1.tar.gz
|
SOURCES/ha_cluster-1.14.0.tar.gz
|
||||||
SOURCES/nbde_client-1.2.2.tar.gz
|
SOURCES/journald-1.2.3.tar.gz
|
||||||
SOURCES/nbde_server-1.1.2.tar.gz
|
SOURCES/kdump-1.4.4.tar.gz
|
||||||
SOURCES/network-1.7.1.tar.gz
|
SOURCES/kernel_settings-1.2.2.tar.gz
|
||||||
SOURCES/postfix-1.2.0.tar.gz
|
SOURCES/keylime_server-1.1.2.tar.gz
|
||||||
SOURCES/selinux-1.3.4.tar.gz
|
SOURCES/logging-1.12.4.tar.gz
|
||||||
SOURCES/ssh-1.1.4.tar.gz
|
SOURCES/metrics-1.10.1.tar.gz
|
||||||
SOURCES/storage-1.7.0.tar.gz
|
SOURCES/nbde_client-1.2.17.tar.gz
|
||||||
SOURCES/timesync-1.6.6.tar.gz
|
SOURCES/nbde_server-1.4.3.tar.gz
|
||||||
SOURCES/tlog-1.2.6.tar.gz
|
SOURCES/network-1.15.1.tar.gz
|
||||||
SOURCES/vpn-1.3.2.tar.gz
|
SOURCES/podman-1.4.7.tar.gz
|
||||||
|
SOURCES/postfix-1.4.3.tar.gz
|
||||||
|
SOURCES/postgresql-1.3.5.tar.gz
|
||||||
|
SOURCES/rhc-1.6.0.tar.gz
|
||||||
|
SOURCES/selinux-1.7.4.tar.gz
|
||||||
|
SOURCES/snapshot-1.3.1.tar.gz
|
||||||
|
SOURCES/ssh-1.3.2.tar.gz
|
||||||
|
SOURCES/storage-1.16.2.tar.gz
|
||||||
|
SOURCES/systemd-1.1.2.tar.gz
|
||||||
|
SOURCES/timesync-1.8.2.tar.gz
|
||||||
|
SOURCES/tlog-1.3.3.tar.gz
|
||||||
|
SOURCES/vpn-1.6.3.tar.gz
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
d2d2382c38eaf34d2295aba2aa4652d75ebbaeef SOURCES/ansible-posix-1.3.0.tar.gz
|
|
||||||
a4d4556cf6628e87fa62dec6c46099338b499930 SOURCES/ansible-sshd-214df35c0bee77b5d69f49c2da269251d451b28f.tar.gz
|
|
||||||
a2ec14498a7fd213f08dd24ca139039c958b07fd SOURCES/auto-maintenance-5e7bb389fc5e93184871b3907e75ba896874dc21.tar.gz
|
|
||||||
cee41b5fd6359e9ddeb83c5af7b8057fef6b2334 SOURCES/certificate-1.1.3.tar.gz
|
|
||||||
004064268df0e7dd154331b7799272d3277388d4 SOURCES/cockpit-1.2.1.tar.gz
|
|
||||||
ad8684050c86bad7ce4882a84e14be6867a56d8d SOURCES/community-general-4.6.0.tar.gz
|
|
||||||
0684c1335923ba8ebbb05afbd507e5ff31f874d6 SOURCES/crypto_policies-1.2.3.tar.gz
|
|
||||||
fcb8d48ccaeba886859ce6afd3d14bbb3f8a5667 SOURCES/firewall-1.1.0.tar.gz
|
|
||||||
9a990a4908bdf3269bce4f214907623780a5e221 SOURCES/ha_cluster-1.4.1.tar.gz
|
|
||||||
a1c9c89dea1dbe2410465c29ad0e1d3637ac5f52 SOURCES/kdump-1.2.2.tar.gz
|
|
||||||
0a681d1e3b236c4750d663f2a833e786a5e958ab SOURCES/kernel_settings-1.1.6.tar.gz
|
|
||||||
e530528ba5f9478cc8604aa6612388ea8e5078af SOURCES/logging-1.8.1.tar.gz
|
|
||||||
430ce63a7b45b97305e4f8591192fa7e58af8292 SOURCES/metrics-1.5.1.tar.gz
|
|
||||||
0424321322eb4d80560a8d2d9fee406296728463 SOURCES/nbde_client-1.2.2.tar.gz
|
|
||||||
33f0a3ea008021e69b2bbd7b25f6536f91e7613d SOURCES/nbde_server-1.1.2.tar.gz
|
|
||||||
dcd2261fe6b6a998aca3eb6c968204152e2ffd51 SOURCES/network-1.7.1.tar.gz
|
|
||||||
95c54da9ef5acaae9553f2c4ed250452502ab9e0 SOURCES/postfix-1.2.0.tar.gz
|
|
||||||
4e5c5216814577ee55304721e5c811ed8857efbc SOURCES/selinux-1.3.4.tar.gz
|
|
||||||
f38972c4b22a9f226b58725c7e9ba8fac692bba2 SOURCES/ssh-1.1.4.tar.gz
|
|
||||||
0728b4e01261f84ce470431a4ea21907db75f26a SOURCES/storage-1.7.0.tar.gz
|
|
||||||
0bd118c9df9bf556a76d42c92bde11fde5553eba SOURCES/timesync-1.6.6.tar.gz
|
|
||||||
d10a0dd866c1ce982d2ba22500718df3fb2ab766 SOURCES/tlog-1.2.6.tar.gz
|
|
||||||
d1bb00636c04bc1b2d94ce0e491afe9ef921cd56 SOURCES/vpn-1.3.2.tar.gz
|
|
@ -1,151 +0,0 @@
|
|||||||
From acb99e74a24fa07863c596fe59d2999adc28c249 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vojtech Trefny <vtrefny@redhat.com>
|
|
||||||
Date: Thu, 2 Jun 2022 15:18:19 +0200
|
|
||||||
Subject: [PATCH] LVM RAID raid0 level support (#272)
|
|
||||||
|
|
||||||
* Add workaround for missing LVM raid0 support in blivet
|
|
||||||
|
|
||||||
Blivet supports creating LVs with segment type "raid0" but it is
|
|
||||||
not in the list of supported RAID levels. This will be fixed in
|
|
||||||
blivet, see https://github.com/storaged-project/blivet/pull/1047
|
|
||||||
|
|
||||||
* Add a test for LVM RAID raid0 level
|
|
||||||
|
|
||||||
* README: Remove "striped" from the list of supported RAID for pools
|
|
||||||
|
|
||||||
We use MD RAID for RAIDs on the pool level which doesn't support
|
|
||||||
"striped" level.
|
|
||||||
|
|
||||||
* README: Clarify supported volume RAID levels
|
|
||||||
|
|
||||||
We support different levels for LVM RAID and MD RAID.
|
|
||||||
|
|
||||||
(cherry picked from commit 8b868a348155b08479743945aba88271121ad4b0)
|
|
||||||
---
|
|
||||||
README.md | 7 ++-
|
|
||||||
library/blivet.py | 7 +++
|
|
||||||
tests/tests_create_raid_pool_then_remove.yml | 54 ++++++++++++++++++++
|
|
||||||
3 files changed, 66 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/README.md b/README.md
|
|
||||||
index f8e3daa..bd123d7 100644
|
|
||||||
--- a/README.md
|
|
||||||
+++ b/README.md
|
|
||||||
@@ -54,7 +54,7 @@ device node basename (like `sda` or `mpathb`), /dev/disk/ symlink
|
|
||||||
##### `raid_level`
|
|
||||||
When used with `type: lvm` it manages a volume group with a mdraid array of given level
|
|
||||||
on it. Input `disks` are in this case used as RAID members.
|
|
||||||
-Accepted values are: `linear`, `striped`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
|
|
||||||
+Accepted values are: `linear`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
|
|
||||||
|
|
||||||
##### `volumes`
|
|
||||||
This is a list of volumes that belong to the current pool. It follows the
|
|
||||||
@@ -136,7 +136,10 @@ Specifies RAID level. LVM RAID can be created as well.
|
|
||||||
"Regular" RAID volume requires type to be `raid`.
|
|
||||||
LVM RAID needs that volume has `storage_pools` parent with type `lvm`,
|
|
||||||
`raid_disks` need to be specified as well.
|
|
||||||
-Accepted values are: `linear` (N/A for LVM RAID), `striped`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
|
|
||||||
+Accepted values are:
|
|
||||||
+* for LVM RAID volume: `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`, `striped`, `mirror`
|
|
||||||
+* for RAID volume: `linear`, `raid0`, `raid1`, `raid4`, `raid5`, `raid6`, `raid10`
|
|
||||||
+
|
|
||||||
__WARNING__: Changing `raid_level` for a volume is a destructive operation, meaning
|
|
||||||
all data on that volume will be lost as part of the process of
|
|
||||||
removing old and adding new RAID. RAID reshaping is currently not
|
|
||||||
diff --git a/library/blivet.py b/library/blivet.py
|
|
||||||
index 29552fa..33c93b2 100644
|
|
||||||
--- a/library/blivet.py
|
|
||||||
+++ b/library/blivet.py
|
|
||||||
@@ -118,6 +118,7 @@ LIB_IMP_ERR = ""
|
|
||||||
try:
|
|
||||||
from blivet3 import Blivet
|
|
||||||
from blivet3.callbacks import callbacks
|
|
||||||
+ from blivet3 import devicelibs
|
|
||||||
from blivet3 import devices
|
|
||||||
from blivet3.deviceaction import ActionConfigureFormat
|
|
||||||
from blivet3.flags import flags as blivet_flags
|
|
||||||
@@ -132,6 +133,7 @@ except ImportError:
|
|
||||||
try:
|
|
||||||
from blivet import Blivet
|
|
||||||
from blivet.callbacks import callbacks
|
|
||||||
+ from blivet import devicelibs
|
|
||||||
from blivet import devices
|
|
||||||
from blivet.deviceaction import ActionConfigureFormat
|
|
||||||
from blivet.flags import flags as blivet_flags
|
|
||||||
@@ -152,6 +154,11 @@ if BLIVET_PACKAGE:
|
|
||||||
set_up_logging()
|
|
||||||
log = logging.getLogger(BLIVET_PACKAGE + ".ansible")
|
|
||||||
|
|
||||||
+ # XXX add support for LVM RAID raid0 level
|
|
||||||
+ devicelibs.lvm.raid_levels.add_raid_level(devicelibs.raid.RAID0)
|
|
||||||
+ if "raid0" not in devicelibs.lvm.raid_seg_types:
|
|
||||||
+ devicelibs.lvm.raid_seg_types.append("raid0")
|
|
||||||
+
|
|
||||||
|
|
||||||
MAX_TRIM_PERCENT = 2
|
|
||||||
|
|
||||||
diff --git a/tests/tests_create_raid_pool_then_remove.yml b/tests/tests_create_raid_pool_then_remove.yml
|
|
||||||
index d81680d..1fb4e15 100644
|
|
||||||
--- a/tests/tests_create_raid_pool_then_remove.yml
|
|
||||||
+++ b/tests/tests_create_raid_pool_then_remove.yml
|
|
||||||
@@ -150,3 +150,57 @@
|
|
||||||
raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
|
|
||||||
|
|
||||||
- include_tasks: verify-role-results.yml
|
|
||||||
+
|
|
||||||
+ - name: Create a RAID0 lvm raid device
|
|
||||||
+ include_role:
|
|
||||||
+ name: linux-system-roles.storage
|
|
||||||
+ vars:
|
|
||||||
+ storage_pools:
|
|
||||||
+ - name: vg1
|
|
||||||
+ disks: "{{ unused_disks }}"
|
|
||||||
+ type: lvm
|
|
||||||
+ state: present
|
|
||||||
+ volumes:
|
|
||||||
+ - name: lv1
|
|
||||||
+ size: "{{ volume1_size }}"
|
|
||||||
+ mount_point: "{{ mount_location1 }}"
|
|
||||||
+ raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
|
|
||||||
+ raid_level: raid0
|
|
||||||
+
|
|
||||||
+ - include_tasks: verify-role-results.yml
|
|
||||||
+
|
|
||||||
+ - name: Repeat the previous invocation to verify idempotence
|
|
||||||
+ include_role:
|
|
||||||
+ name: linux-system-roles.storage
|
|
||||||
+ vars:
|
|
||||||
+ storage_pools:
|
|
||||||
+ - name: vg1
|
|
||||||
+ disks: "{{ unused_disks }}"
|
|
||||||
+ type: lvm
|
|
||||||
+ state: present
|
|
||||||
+ volumes:
|
|
||||||
+ - name: lv1
|
|
||||||
+ size: "{{ volume1_size }}"
|
|
||||||
+ mount_point: "{{ mount_location1 }}"
|
|
||||||
+ raid_level: raid0
|
|
||||||
+ raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
|
|
||||||
+
|
|
||||||
+ - include_tasks: verify-role-results.yml
|
|
||||||
+
|
|
||||||
+ - name: Remove the device created above
|
|
||||||
+ include_role:
|
|
||||||
+ name: linux-system-roles.storage
|
|
||||||
+ vars:
|
|
||||||
+ storage_pools:
|
|
||||||
+ - name: vg1
|
|
||||||
+ disks: "{{ unused_disks }}"
|
|
||||||
+ type: lvm
|
|
||||||
+ state: absent
|
|
||||||
+ volumes:
|
|
||||||
+ - name: lv1
|
|
||||||
+ size: "{{ volume1_size }}"
|
|
||||||
+ mount_point: "{{ mount_location1 }}"
|
|
||||||
+ raid_level: raid0
|
|
||||||
+ raid_disks: "{{ [unused_disks[0], unused_disks[1]] }}"
|
|
||||||
+
|
|
||||||
+ - include_tasks: verify-role-results.yml
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,192 +0,0 @@
|
|||||||
From ba8a97039805f488c26b4d857f0137a349359c23 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Megginson <rmeggins@redhat.com>
|
|
||||||
Date: Mon, 16 May 2022 07:51:43 -0600
|
|
||||||
Subject: [PATCH] add support for mount_options (#270)
|
|
||||||
|
|
||||||
* add support for mount_options
|
|
||||||
|
|
||||||
When support for argument validation was added, that support did not
|
|
||||||
include the `mount_options` parameter. This fix adds back that
|
|
||||||
parameter. In addition, the volume module arguments are refactored
|
|
||||||
so that the common volume parameters such as `mount_options` can be
|
|
||||||
specified in one place.
|
|
||||||
|
|
||||||
This adds a test for the `mount_options` parameter, and adds
|
|
||||||
verification for that parameter.
|
|
||||||
|
|
||||||
* only checkout mount_options if requested
|
|
||||||
|
|
||||||
(cherry picked from commit ecf3d04bb704db5c1a095aaef40c2372fd45d4d6)
|
|
||||||
---
|
|
||||||
library/blivet.py | 78 ++++++++++++++----------------
|
|
||||||
tests/test-verify-volume-fstab.yml | 22 ++++++++-
|
|
||||||
tests/tests_misc.yml | 3 ++
|
|
||||||
3 files changed, 60 insertions(+), 43 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/library/blivet.py b/library/blivet.py
|
|
||||||
index 80575bb..29552fa 100644
|
|
||||||
--- a/library/blivet.py
|
|
||||||
+++ b/library/blivet.py
|
|
||||||
@@ -105,6 +105,7 @@ volumes:
|
|
||||||
elements: dict
|
|
||||||
'''
|
|
||||||
|
|
||||||
+import copy
|
|
||||||
import logging
|
|
||||||
import os
|
|
||||||
import traceback
|
|
||||||
@@ -1500,6 +1501,39 @@ def activate_swaps(b, pools, volumes):
|
|
||||||
|
|
||||||
def run_module():
|
|
||||||
# available arguments/parameters that a user can pass
|
|
||||||
+ common_volume_opts = dict(encryption=dict(type='bool'),
|
|
||||||
+ encryption_cipher=dict(type='str'),
|
|
||||||
+ encryption_key=dict(type='str'),
|
|
||||||
+ encryption_key_size=dict(type='int'),
|
|
||||||
+ encryption_luks_version=dict(type='str'),
|
|
||||||
+ encryption_password=dict(type='str'),
|
|
||||||
+ fs_create_options=dict(type='str'),
|
|
||||||
+ fs_label=dict(type='str', default=''),
|
|
||||||
+ fs_type=dict(type='str'),
|
|
||||||
+ mount_options=dict(type='str'),
|
|
||||||
+ mount_point=dict(type='str'),
|
|
||||||
+ name=dict(type='str'),
|
|
||||||
+ raid_level=dict(type='str'),
|
|
||||||
+ size=dict(type='str'),
|
|
||||||
+ state=dict(type='str', default='present', choices=['present', 'absent']),
|
|
||||||
+ type=dict(type='str'))
|
|
||||||
+ volume_opts = copy.deepcopy(common_volume_opts)
|
|
||||||
+ volume_opts.update(
|
|
||||||
+ dict(disks=dict(type='list'),
|
|
||||||
+ raid_device_count=dict(type='int'),
|
|
||||||
+ raid_spare_count=dict(type='int'),
|
|
||||||
+ raid_metadata_version=dict(type='str')))
|
|
||||||
+ pool_volume_opts = copy.deepcopy(common_volume_opts)
|
|
||||||
+ pool_volume_opts.update(
|
|
||||||
+ dict(cached=dict(type='bool'),
|
|
||||||
+ cache_devices=dict(type='list', elements='str', default=list()),
|
|
||||||
+ cache_mode=dict(type='str'),
|
|
||||||
+ cache_size=dict(type='str'),
|
|
||||||
+ compression=dict(type='bool'),
|
|
||||||
+ deduplication=dict(type='bool'),
|
|
||||||
+ raid_disks=dict(type='list', elements='str', default=list()),
|
|
||||||
+ vdo_pool_size=dict(type='str')))
|
|
||||||
+
|
|
||||||
module_args = dict(
|
|
||||||
pools=dict(type='list', elements='dict',
|
|
||||||
options=dict(disks=dict(type='list', elements='str', default=list()),
|
|
||||||
@@ -1517,49 +1551,9 @@ def run_module():
|
|
||||||
state=dict(type='str', default='present', choices=['present', 'absent']),
|
|
||||||
type=dict(type='str'),
|
|
||||||
volumes=dict(type='list', elements='dict', default=list(),
|
|
||||||
- options=dict(cached=dict(type='bool'),
|
|
||||||
- cache_devices=dict(type='list', elements='str', default=list()),
|
|
||||||
- cache_mode=dict(type='str'),
|
|
||||||
- cache_size=dict(type='str'),
|
|
||||||
- compression=dict(type='bool'),
|
|
||||||
- deduplication=dict(type='bool'),
|
|
||||||
- encryption=dict(type='bool'),
|
|
||||||
- encryption_cipher=dict(type='str'),
|
|
||||||
- encryption_key=dict(type='str'),
|
|
||||||
- encryption_key_size=dict(type='int'),
|
|
||||||
- encryption_luks_version=dict(type='str'),
|
|
||||||
- encryption_password=dict(type='str'),
|
|
||||||
- fs_create_options=dict(type='str'),
|
|
||||||
- fs_label=dict(type='str', default=''),
|
|
||||||
- fs_type=dict(type='str'),
|
|
||||||
- mount_point=dict(type='str'),
|
|
||||||
- name=dict(type='str'),
|
|
||||||
- raid_disks=dict(type='list', elements='str', default=list()),
|
|
||||||
- raid_level=dict(type='str'),
|
|
||||||
- size=dict(type='str'),
|
|
||||||
- state=dict(type='str', default='present', choices=['present', 'absent']),
|
|
||||||
- type=dict(type='str'),
|
|
||||||
- vdo_pool_size=dict(type='str'))))),
|
|
||||||
+ options=pool_volume_opts))),
|
|
||||||
volumes=dict(type='list', elements='dict',
|
|
||||||
- options=dict(disks=dict(type='list'),
|
|
||||||
- encryption=dict(type='bool'),
|
|
||||||
- encryption_cipher=dict(type='str'),
|
|
||||||
- encryption_key=dict(type='str'),
|
|
||||||
- encryption_key_size=dict(type='int'),
|
|
||||||
- encryption_luks_version=dict(type='str'),
|
|
||||||
- encryption_password=dict(type='str'),
|
|
||||||
- fs_create_options=dict(type='str'),
|
|
||||||
- fs_label=dict(type='str', default=''),
|
|
||||||
- fs_type=dict(type='str'),
|
|
||||||
- mount_point=dict(type='str'),
|
|
||||||
- name=dict(type='str'),
|
|
||||||
- raid_level=dict(type='str'),
|
|
||||||
- raid_device_count=dict(type='int'),
|
|
||||||
- raid_spare_count=dict(type='int'),
|
|
||||||
- raid_metadata_version=dict(type='str'),
|
|
||||||
- size=dict(type='str'),
|
|
||||||
- state=dict(type='str', default='present', choices=['present', 'absent']),
|
|
||||||
- type=dict(type='str'))),
|
|
||||||
+ options=volume_opts),
|
|
||||||
packages_only=dict(type='bool', required=False, default=False),
|
|
||||||
disklabel_type=dict(type='str', required=False, default=None),
|
|
||||||
safe_mode=dict(type='bool', required=False, default=True),
|
|
||||||
diff --git a/tests/test-verify-volume-fstab.yml b/tests/test-verify-volume-fstab.yml
|
|
||||||
index 80d78f0..0091084 100644
|
|
||||||
--- a/tests/test-verify-volume-fstab.yml
|
|
||||||
+++ b/tests/test-verify-volume-fstab.yml
|
|
||||||
@@ -11,6 +11,15 @@
|
|
||||||
storage_test_fstab_expected_mount_point_matches: "{{ 1
|
|
||||||
if (_storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_point.startswith('/'))
|
|
||||||
else 0 }}"
|
|
||||||
+ storage_test_fstab_mount_options_matches: "{{ storage_test_fstab.stdout_lines |
|
|
||||||
+ map('regex_search', ' ' + storage_test_volume.mount_point + ' .* ' + storage_test_volume.mount_options + ' +') |
|
|
||||||
+ select('string')|list if (
|
|
||||||
+ storage_test_volume.mount_options|d('none',true) != 'none'
|
|
||||||
+ and storage_test_volume.mount_point|d('none',true) != 'none'
|
|
||||||
+ ) else [] }}"
|
|
||||||
+ storage_test_fstab_expected_mount_options_matches: "{{ 1
|
|
||||||
+ if (_storage_test_volume_present and storage_test_volume.mount_options)
|
|
||||||
+ else 0 }}"
|
|
||||||
|
|
||||||
# device id
|
|
||||||
- name: Verify that the device identifier appears in /etc/fstab
|
|
||||||
@@ -26,7 +35,16 @@
|
|
||||||
msg: "Expected number ({{ storage_test_fstab_expected_mount_point_matches }}) of
|
|
||||||
entries with volume '{{ storage_test_volume.name }}' mount point not found in /etc/fstab."
|
|
||||||
|
|
||||||
-# todo: options
|
|
||||||
+# mount options
|
|
||||||
+- name: Verify mount_options
|
|
||||||
+ assert:
|
|
||||||
+ that: storage_test_fstab_mount_options_matches|length == storage_test_fstab_expected_mount_options_matches|int
|
|
||||||
+ msg: "Expected number ({{ storage_test_fstab_expected_mount_options_matches }}) of
|
|
||||||
+ entries with volume '{{ storage_test_volume.name }}' mount options not found in /etc/fstab."
|
|
||||||
+ when:
|
|
||||||
+ - __storage_verify_mount_options | d(false)
|
|
||||||
+ - "'mount_options' in storage_test_volume"
|
|
||||||
+ - "'mount_point' in storage_test_volume"
|
|
||||||
|
|
||||||
- name: Clean up variables
|
|
||||||
set_fact:
|
|
||||||
@@ -34,3 +52,5 @@
|
|
||||||
storage_test_fstab_mount_point_matches: null
|
|
||||||
storage_test_fstab_expected_id_matches: null
|
|
||||||
storage_test_fstab_expected_mount_point_matches: null
|
|
||||||
+ storage_test_fstab_mount_options_matches: null
|
|
||||||
+ storage_test_fstab_expected_mount_options_matches: null
|
|
||||||
diff --git a/tests/tests_misc.yml b/tests/tests_misc.yml
|
|
||||||
index 159c959..97c1627 100644
|
|
||||||
--- a/tests/tests_misc.yml
|
|
||||||
+++ b/tests/tests_misc.yml
|
|
||||||
@@ -189,8 +189,11 @@
|
|
||||||
fs_type: 'ext4'
|
|
||||||
fs_create_options: '-F'
|
|
||||||
mount_point: "{{ mount_location }}"
|
|
||||||
+ mount_options: rw,noatime,defaults
|
|
||||||
|
|
||||||
- include_tasks: verify-role-results.yml
|
|
||||||
+ vars:
|
|
||||||
+ __storage_verify_mount_options: true
|
|
||||||
|
|
||||||
- name: Remove the disk volume created above
|
|
||||||
include_role:
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
709
SOURCES/CHANGELOG.md
Normal file
709
SOURCES/CHANGELOG.md
Normal file
@ -0,0 +1,709 @@
|
|||||||
|
Changelog
|
||||||
|
=========
|
||||||
|
[1.23.0] - 2024-01-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [RHEL for Edge support in system roles](https://issues.redhat.com/browse/RHEL-15872)
|
||||||
|
- [ad_integration - feat: Add sssd custom settings](https://issues.redhat.com/browse/RHEL-17667)
|
||||||
|
- [ad_integration - Enable AD dynamic DNS updates](https://issues.redhat.com/browse/RHEL-1119)
|
||||||
|
- [ad_integration - feat: add ad_integration_preserve_authselect_profile](https://issues.redhat.com/browse/RHEL-21383)
|
||||||
|
- [ad_integration - feat: Add SSSD parameters support](https://issues.redhat.com/browse/RHEL-21134)
|
||||||
|
- [bootloader - Create bootloader role (MVP)](https://issues.redhat.com/browse/RHEL-3241)
|
||||||
|
- [fapolicyd - feat: Import code for fapolicyd system role](https://issues.redhat.com/browse/RHEL-16542)
|
||||||
|
- [ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository](https://issues.redhat.com/browse/RHEL-14090)
|
||||||
|
- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology](https://issues.redhat.com/browse/RHEL-4624)
|
||||||
|
- [ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options](https://issues.redhat.com/browse/RHEL-3264)
|
||||||
|
- [ha_cluster - Setting cluster members attributes](https://issues.redhat.com/browse/RHEL-22108)
|
||||||
|
- [journald - feat: Add support for ForwardToSyslog](https://issues.redhat.com/browse/RHEL-21123)
|
||||||
|
- [logging - feat: Add support for the global config option preserveFQDN with a new logg…](https://issues.redhat.com/browse/RHEL-15933)
|
||||||
|
- [logging - feat: Add support for general queue and general action parameters](https://issues.redhat.com/browse/RHEL-15440)
|
||||||
|
- [metrics - [RFE] Metrics system role support for configuring PMIE webhooks](https://issues.redhat.com/browse/RHEL-18170)
|
||||||
|
- [network - Add blackhole type route](https://issues.redhat.com/browse/RHEL-21491)
|
||||||
|
- [postgresql - feat: Enable support for Postgresql 16](https://issues.redhat.com/browse/RHEL-18963)
|
||||||
|
- [rhc - support RHEL 7 managed nodes](https://issues.redhat.com/browse/RHEL-16977)
|
||||||
|
- [rhc - new rhc_insights.ansible_host parameter](https://issues.redhat.com/browse/RHEL-16975)
|
||||||
|
- [rhc - new rhc_insights.display_name parameter](https://issues.redhat.com/browse/RHEL-16965)
|
||||||
|
- [snapshot - New Role for storage snapshot management (lvm, etc.)](https://issues.redhat.com/browse/RHEL-16553)
|
||||||
|
- [sshd - ansible-sshd Manage SSH certificates](https://issues.redhat.com/browse/RHEL-5985)
|
||||||
|
- [storage - feat: Support for creating volumes without a FS](https://issues.redhat.com/browse/RHEL-16213)
|
||||||
|
- [storage - Basic support for creating shared logical volumes (RHEL 8)](https://issues.redhat.com/browse/RHEL-14022)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [ha_cluster - high-availability firewall service is not added on qdevice node](https://issues.redhat.com/browse/RHEL-17874)
|
||||||
|
- [ha_cluster - Timeout issue between SBD with delay-start and systemd unit](https://issues.redhat.com/browse/RHEL-4684)
|
||||||
|
- [kdump - fix: retry read of kexec_crash_size](https://issues.redhat.com/browse/RHEL-3354)
|
||||||
|
- [keylime_server - won't detect registrar start failure](https://issues.redhat.com/browse/RHEL-21946)
|
||||||
|
- [logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size](https://issues.redhat.com/browse/RHEL-15038)
|
||||||
|
- [nbde_server - fix: Allow tangd socket override directory to be managed outside of the role](https://issues.redhat.com/browse/RHEL-25509)
|
||||||
|
- [network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"](https://issues.redhat.com/browse/RHEL-16501)
|
||||||
|
- [podman - fix: cast secret data to string in order to allow JSON valued strings](https://issues.redhat.com/browse/RHEL-22310)
|
||||||
|
- [podman - fix: name of volume quadlet service should be basename-volume.service](https://issues.redhat.com/browse/RHEL-21402)
|
||||||
|
- [podman - fix: add no_log: true for tasks that can log secret data](https://issues.redhat.com/browse/RHEL-19242)
|
||||||
|
- [podman - fix: user linger needed before secrets](https://issues.redhat.com/browse/RHEL-22229)
|
||||||
|
- [postgresql - PostgreSQL system role: unable to install PostgreSQL version 15 on RHEL 9](https://issues.redhat.com/browse/RHEL-21400)
|
||||||
|
- [selinux - fix: Use `ignore_selinux_state` module option](https://issues.redhat.com/browse/RHEL-15871)
|
||||||
|
- [selinux - fix: Print an error message when module to be created doesn't exist](https://issues.redhat.com/browse/RHEL-19044)
|
||||||
|
- [selinux - fix: no longer use "item" as a loop variable](https://issues.redhat.com/browse/RHEL-19042)
|
||||||
|
|
||||||
|
[1.22.0] - 2023-08-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [ALL - fingerprint in config files managed by roles](https://bugzilla.redhat.com/show_bug.cgi?id=2186910)
|
||||||
|
- [ad_integration - add ad_integration_force_rejoin](https://bugzilla.redhat.com/show_bug.cgi?id=2211723)
|
||||||
|
- [certificate - add mode parameter to change permissions for cert files](https://bugzilla.redhat.com/show_bug.cgi?id=2218204)
|
||||||
|
- [firewall - missing module in linux-system-roles.firewall to create an ipset](https://bugzilla.redhat.com/show_bug.cgi?id=2140880)
|
||||||
|
- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
|
||||||
|
- [firewall - should have option to disable conflicting services](https://bugzilla.redhat.com/show_bug.cgi?id=2222809)
|
||||||
|
- [ha_cluster - Add possibility to load SBD watchdog kernel modules](https://bugzilla.redhat.com/show_bug.cgi?id=2190478)
|
||||||
|
- [ha_cluster - cluster and quorum can have distinct passwords](https://bugzilla.redhat.com/show_bug.cgi?id=2216485)
|
||||||
|
- [ha_cluster - support for resource and operation defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2190483)
|
||||||
|
- [kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump](https://bugzilla.redhat.com/show_bug.cgi?id=2211272)
|
||||||
|
- [keylime_server - system role for managing keylime servers](https://bugzilla.redhat.com/show_bug.cgi?id=2224387)
|
||||||
|
- [network - Support configuring auto-dns setting](https://bugzilla.redhat.com/show_bug.cgi?id=2211273)
|
||||||
|
- [network - Support no-aaaa DNS option](https://bugzilla.redhat.com/show_bug.cgi?id=2218595)
|
||||||
|
- [podman - allow container networking configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2220963)
|
||||||
|
- [podman - support for healthchecks and healthcheck actions](https://bugzilla.redhat.com/show_bug.cgi?id=2220961)
|
||||||
|
- [podman - support quadlet units](https://bugzilla.redhat.com/show_bug.cgi?id=2220962)
|
||||||
|
- [postgresql - [RFE] system role for PostgreSQL management](https://bugzilla.redhat.com/show_bug.cgi?id=2151371)
|
||||||
|
- [rhc - implement rhc_proxy.scheme](https://bugzilla.redhat.com/show_bug.cgi?id=2211778)
|
||||||
|
- [rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-8.9.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2179016)
|
||||||
|
- [ssh - add ssh_backup option with default true](https://bugzilla.redhat.com/show_bug.cgi?id=2216759)
|
||||||
|
- [storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2141961)
|
||||||
|
- [storage - [RFE] user-specified mount point owner and permissions](https://bugzilla.redhat.com/show_bug.cgi?id=2181661)
|
||||||
|
- [systemd - system role for managing systemd units](https://bugzilla.redhat.com/show_bug.cgi?id=2224388)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [ALL - facts being gathered unnecessarily](https://bugzilla.redhat.com/show_bug.cgi?id=2223036)
|
||||||
|
- [ad_integration - leaks credentials when in check_mode](https://bugzilla.redhat.com/show_bug.cgi?id=2233183)
|
||||||
|
- [certificate - rhel-system-roles.certificate does not re-issue after updating key_size](https://bugzilla.redhat.com/show_bug.cgi?id=2186057)
|
||||||
|
- [firewall - fix: reload on resetting to defaults](https://bugzilla.redhat.com/show_bug.cgi?id=2224648)
|
||||||
|
- [firewall - Check mode fails with replacing previous rules](https://issues.redhat.com/browse/RHEL-899)
|
||||||
|
- [firewall - Check mode fails when creating new firewall service](https://bugzilla.redhat.com/show_bug.cgi?id=2222433)
|
||||||
|
- [firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9](https://issues.redhat.com/browse/RHEL-918)
|
||||||
|
- [firewall - Don't install python(3)-firewall it's a dependency of firewalld](https://bugzilla.redhat.com/show_bug.cgi?id=2216521)
|
||||||
|
- [firewall - fix: files: overwrite firewalld.conf on previous replaced](https://issues.redhat.com/browse/RHEL-1496)
|
||||||
|
- [kdump - use failure_action instead of default on EL9 and later](https://issues.redhat.com/browse/RHEL-907)
|
||||||
|
- [kdump - role: "Write new authorized_keys if needed" task idempotency issues](https://bugzilla.redhat.com/show_bug.cgi?id=2232391)
|
||||||
|
- [kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory](https://bugzilla.redhat.com/show_bug.cgi?id=2232392)
|
||||||
|
- [kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server](https://issues.redhat.com/browse/RHEL-1398)
|
||||||
|
- [kdump - fix: Ensure authorized_keys management works with multiple hosts](https://issues.redhat.com/browse/RHEL-1500)
|
||||||
|
- [podman - Podman system role: Unable to use podman_registries_conf to set unqualified-search-registries](https://bugzilla.redhat.com/show_bug.cgi?id=2226077)
|
||||||
|
- [rhc - system role does not apply Insights tags](https://bugzilla.redhat.com/show_bug.cgi?id=2209441)
|
||||||
|
- [storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size](https://bugzilla.redhat.com/show_bug.cgi?id=2193057)
|
||||||
|
- [storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation](https://bugzilla.redhat.com/show_bug.cgi?id=2224094)
|
||||||
|
- [storage - Storage: mounted devices that are in use cannot be resized](https://bugzilla.redhat.com/show_bug.cgi?id=2168738)
|
||||||
|
- [storage - fix: use stat.pw_name, stat.gr_name instead of owner, group](https://issues.redhat.com/browse/RHEL-1498)
|
||||||
|
- [tlog - use the proxy provider - the files provider is deprecated in sssd](https://bugzilla.redhat.com/show_bug.cgi?id=2191702)
|
||||||
|
|
||||||
|
[1.21.1] - 2023-03-16
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [rhc - New Role - Red Hat subscription management, insights management](https://bugzilla.redhat.com/show_bug.cgi?id=2144877)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.21.0] - 2023-02-20
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [ad_integration - [RFE] new role to support AD integration, join to AD domain](https://bugilla.redhat.com/show_bug.cgi?id=2144876)
|
||||||
|
- [cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2137667)
|
||||||
|
- [ha_cluster - Allow quorum device configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2143814)
|
||||||
|
- [ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130019)
|
||||||
|
- [journald - New role - journald - manage systemd-journald](https://bugzilla.redhat.com/show_bug.cgi?id=2165176)
|
||||||
|
- [logging - [RFE] convert logging role to use firewall, selinux role, and certificate role](https://bugzilla.redhat.com/show_bug.cgi?id=2130362)
|
||||||
|
- [metrics - [RFE] convert metrics role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133532)
|
||||||
|
- [nbde_server - [RFE] convert nbde_server role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2133931)
|
||||||
|
- [network - Support cloned MAC address](https://bugzilla.redhat.com/show_bug.cgi?id=2143458)
|
||||||
|
- [network - [RFE] Support setting the metric of the default route for initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=2134201)
|
||||||
|
- [network - [RFE] Support the DNS priority](https://bugzilla.redhat.com/show_bug.cgi?id=2133856)
|
||||||
|
- [network - Support looking up named route table in routing rule](https://bugzilla.redhat.com/show_bug.cgi?id=2129620)
|
||||||
|
- [podman - [RFE] role for managing podman containers and systemd](https://bugzilla.redhat.com/show_bug.cgi?id=2066864)
|
||||||
|
- [postfix - [RFE] convert postfix role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130332)
|
||||||
|
- [selinux - add support for the 'local' parameter](https://bugzilla.redhat.com/show_bug.cgi?id=2143385)
|
||||||
|
- [vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid](https://bugzilla.redhat.com/show_bug.cgi?id=2119600)
|
||||||
|
- [vpn - [RFE] convert vpn role to use firewall and selinux role](https://bugzilla.redhat.com/show_bug.cgi?id=2130345)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [ha_cluster - Fix stonith watchdog timeout](https://bugzilla.redhat.com/show_bug.cgi?id=2167941)
|
||||||
|
- [ha_cluster - Allow enabled SBD on disabled cluster](https://bugzilla.redhat.com/show_bug.cgi?id=2153081)
|
||||||
|
- [ha_cluster - use no_log in tasks looping over pot. secret parameters](https://bugzilla.redhat.com/show_bug.cgi?id=2127497)
|
||||||
|
- [nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data](https://bugzilla.redhat.com/show_bug.cgi?id=2159972)
|
||||||
|
- [nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names](https://bugzilla.redhat.com/show_bug.cgi?id=2126960)
|
||||||
|
- [network - should route traffic via correct bond](https://bugzilla.redhat.com/show_bug.cgi?id=2168733)
|
||||||
|
- [selinux - managing modules is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=2164879)
|
||||||
|
- [sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found](https://bugzilla.redhat.com/show_bug.cgi?id=2143401)
|
||||||
|
- [tlog - Unconditionally enable the files provider](https://bugzilla.redhat.com/show_bug.cgi?id=2153080)
|
||||||
|
|
||||||
|
[1.20.0] - 2022-08-09
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [cockpit - Add customization of port](https://bugzilla.redhat.com/show_bug.cgi?id=2115159)
|
||||||
|
- [firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID](https://bugzilla.redhat.com/show_bug.cgi?id=2100939)
|
||||||
|
- [firewall - support for firewall_config - gather firewall facts](https://bugzilla.redhat.com/show_bug.cgi?id=2115160)
|
||||||
|
- [logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs](https://bugzilla.redhat.com/show_bug.cgi?id=2112143)
|
||||||
|
- [selinux - Added setting of seuser and selevel for completeness](https://bugzilla.redhat.com/show_bug.cgi?id=2115162)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [nbde_client - Sets proper spacing for parameter rd.neednet=1](https://bugzilla.redhat.com/show_bug.cgi?id=2115161)
|
||||||
|
- [network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence](https://bugzilla.redhat.com/show_bug.cgi?id=2115884)
|
||||||
|
- [ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing](https://bugzilla.redhat.com/show_bug.cgi?id=2109997)
|
||||||
|
- [storage - [RHEL8] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.](https://bugzilla.redhat.com/show_bug.cgi?id=2082391)
|
||||||
|
|
||||||
|
[1.19.3] - 2022-07-01
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [firewall - support add/modify/delete services](https://bugzilla.redhat.com/show_bug.cgi?id=2100297)
|
||||||
|
- [network - [RFE] [network] Support managing the network through nmstate schema](https://bugzilla.redhat.com/show_bug.cgi?id=2100979)
|
||||||
|
- [storage - support for adding/removing disks to/from storage pools](https://bugzilla.redhat.com/show_bug.cgi?id=2066880)
|
||||||
|
- [storage - support for attaching cache volumes to existing volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2066881)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [firewall - forward_port should accept list of string or list of dict](https://bugzilla.redhat.com/show_bug.cgi?id=2101607)
|
||||||
|
- [metrics - document minimum supported redis version required by rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=2100285)
|
||||||
|
- [metrics - restart pmie, pmlogger if changed, do not wait for handler](https://bugzilla.redhat.com/show_bug.cgi?id=2100298)
|
||||||
|
|
||||||
|
[1.19.2] - 2022-06-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.19.1] - 2022-06-13
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876)
|
||||||
|
- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.19.0] - 2022-06-06
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - support for creating and managing LVM thin pools/LVs](https://bugzilla.redhat.com/show_bug.cgi?id=2066876)
|
||||||
|
- [firewall - state no longer required for masquerade and ICMP block inversion](https://bugzilla.redhat.com/show_bug.cgi?id=2093437)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [storage - role raid_level "striped" is not supported](https://bugzilla.redhat.com/show_bug.cgi?id=2083426)
|
||||||
|
|
||||||
|
[1.18.0] - 2022-05-26
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [firewall - [Improvement] Allow System Role to reset to default Firewalld Settings](https://bugzilla.redhat.com/show_bug.cgi?id=2043009)
|
||||||
|
- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114)
|
||||||
|
- [network - Rework the infiniband support](https://bugzilla.redhat.com/show_bug.cgi?id=2086869)
|
||||||
|
- [sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"](https://bugzilla.redhat.com/show_bug.cgi?id=2086934)
|
||||||
|
- [sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9](https://bugzilla.redhat.com/show_bug.cgi?id=2086935)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [storage - role cannot set mount_options for volumes](https://bugzilla.redhat.com/show_bug.cgi?id=2083378)
|
||||||
|
|
||||||
|
[1.17.0] - 2022-04-25
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [All roles should support running with gather_facts: false](https://bugzilla.redhat.com/show_bug.cgi?id=2079008)
|
||||||
|
- [ha_cluster - support advanced corosync configuration](https://bugzilla.redhat.com/show_bug.cgi?id=2065339)
|
||||||
|
- [ha_cluster - support SBD fencing](https://bugzilla.redhat.com/show_bug.cgi?id=2066868)
|
||||||
|
- [ha_cluster - add support for configuring bundle resources](https://bugzilla.redhat.com/show_bug.cgi?id=2073518)
|
||||||
|
- [logging - Logging - RFE - support template, severity and facility options](https://bugzilla.redhat.com/show_bug.cgi?id=2075116)
|
||||||
|
- [metrics - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065215)
|
||||||
|
- [metrics - [RFE] add an option to the metrics role to enable postfix metric collection](https://bugzilla.redhat.com/show_bug.cgi?id=2079114)
|
||||||
|
- [network - [RFE] Extend rhel-system-roles.network feature set to support routing rules](https://bugzilla.redhat.com/show_bug.cgi?id=1996731)
|
||||||
|
- [network - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065670)
|
||||||
|
- [postfix - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065216)
|
||||||
|
- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2065218)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [firewall - Firewall system role Ansible deprecation warning related to "include"](https://bugzilla.redhat.com/show_bug.cgi?id=2078650)
|
||||||
|
- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060378)
|
||||||
|
- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2060377)
|
||||||
|
- [nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-8.7.0]](https://bugzilla.redhat.com/show_bug.cgi?id=2071011)
|
||||||
|
- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064067)
|
||||||
|
- [sshd - FIPS mode detection in SSHD role is wrong](https://bugzilla.redhat.com/show_bug.cgi?id=2075338)
|
||||||
|
- [storage - RFE storage Less verbosity by default](https://bugzilla.redhat.com/show_bug.cgi?id=2056480)
|
||||||
|
- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749)
|
||||||
|
|
||||||
|
[1.16.3] - 2022-04-07
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default](https://bugzilla.redhat.com/show_bug.cgi?id=2072749)
|
||||||
|
|
||||||
|
[1.16.2] - 2022-04-06
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.16.1] - 2022-03-29
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.16.0] - 2022-03-22
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [network - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057656)
|
||||||
|
- [metrics - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057645)
|
||||||
|
- [postfix - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2057661)
|
||||||
|
- [postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default](https://bugzilla.redhat.com/show_bug.cgi?id=2044657)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [network - bond: fix typo in supporting the infiniband ports in active-backup mode](https://bugzilla.redhat.com/show_bug.cgi?id=2064388)
|
||||||
|
|
||||||
|
[1.15.1] - 2022-03-03
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [kernel_settings - error configobj not found on RHEL 8.6 managed hosts](https://bugzilla.redhat.com/show_bug.cgi?id=2058772)
|
||||||
|
- [timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml](https://bugzilla.redhat.com/show_bug.cgi?id=2058645)
|
||||||
|
|
||||||
|
[1.15.0] - 2022-03-01
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [firewall - [RFE] - Firewall RHEL System Role should be able to set default zone](https://bugzilla.redhat.com/show_bug.cgi?id=2022458)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run](https://bugzilla.redhat.com/show_bug.cgi?id=2058655)
|
||||||
|
- [firewall - ensure target changes take effect immediately](https://bugzilla.redhat.com/show_bug.cgi?id=2057172)
|
||||||
|
|
||||||
|
[1.14.0] - 2022-02-14
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [network - [RFE] Add more bonding options to rhel-system-roles.network](https://bugzilla.redhat.com/show_bug.cgi?id=2008931)
|
||||||
|
- [certificate - should consistently use ansible_managed in hook scripts](https://bugzilla.redhat.com/show_bug.cgi?id=2054364)
|
||||||
|
- [tlog - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054363)
|
||||||
|
- [vpn - consistently use ansible_managed in configuration files managed by role](https://bugzilla.redhat.com/show_bug.cgi?id=2054365)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [ha_cluster - set permissions for haclient group](https://bugzilla.redhat.com/show_bug.cgi?id=2049747)
|
||||||
|
|
||||||
|
[1.13.1] - 2022-02-08
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'](https://bugzilla.redhat.com/show_bug.cgi?id=2050341)
|
||||||
|
- [kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.](https://bugzilla.redhat.com/show_bug.cgi?id=2052105)
|
||||||
|
|
||||||
|
[1.13.0] - 2022-02-01
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - RFE: Add support for RAID volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016514)
|
||||||
|
- [storage - RFE: Add support for cached volumes (lvm-only)](https://bugzilla.redhat.com/show_bug.cgi?id=2016511)
|
||||||
|
- [nbde_client - NBDE client system role does not support servers with static IP addresses](https://bugzilla.redhat.com/show_bug.cgi?id=1985022)
|
||||||
|
- [ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)](https://bugzilla.redhat.com/show_bug.cgi?id=2041635)
|
||||||
|
- [network - RFE: Support Routing Tables in static routes in Network Role](https://bugzilla.redhat.com/show_bug.cgi?id=2031521)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [metrics - role can't be re-run if the Grafana admin password has been changed](https://bugzilla.redhat.com/show_bug.cgi?id=1967321)
|
||||||
|
- [network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection](https://bugzilla.redhat.com/show_bug.cgi?id=2034908)
|
||||||
|
- [network - Set DNS search setting only for enabled IP protocols](https://bugzilla.redhat.com/show_bug.cgi?id=2041627)
|
||||||
|
|
||||||
|
[1.12.0] - 2022-01-27
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [logging - Logging role "logging_purge_confs" option not properly working](https://bugzilla.redhat.com/show_bug.cgi?id=2040812)
|
||||||
|
- [kernel_settings - role should use ansible_managed in its configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=2047504)
|
||||||
|
|
||||||
|
[1.11.0] - 2022-01-20
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
|
||||||
|
- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
|
||||||
|
- [ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure](https://bugzilla.redhat.com/show_bug.cgi?id=2029614)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host](https://bugzilla.redhat.com/show_bug.cgi?id=2029463)
|
||||||
|
- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
|
||||||
|
- [kdump - kdump: support reboot required and reboot ok](https://bugzilla.redhat.com/show_bug.cgi?id=2029605)
|
||||||
|
- [sshd - should detect FIPS mode and handle tasks correctly in FIPS mode](https://bugzilla.redhat.com/show_bug.cgi?id=1979714)
|
||||||
|
|
||||||
|
[1.10.0] - 2021-11-08
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [cockpit - Please include "cockpit" role](https://bugzilla.redhat.com/show_bug.cgi?id=2021661)
|
||||||
|
- [firewall - Ansible Roles for RHEL Firewall](https://bugzilla.redhat.com/show_bug.cgi?id=1854988)
|
||||||
|
- [firewall - RFE: firewall-system-role: add ability to add-source](https://bugzilla.redhat.com/show_bug.cgi?id=1932678)
|
||||||
|
- [firewall - RFE: firewall-system-role: allow user defined zones](https://bugzilla.redhat.com/show_bug.cgi?id=1850768)
|
||||||
|
- [firewall - RFE: firewall-system-role: allow specifying the zone](https://bugzilla.redhat.com/show_bug.cgi?id=1850753)
|
||||||
|
- [Support ansible-core 2.11+](https://bugzilla.redhat.com/show_bug.cgi?id=2012316)
|
||||||
|
- [network - role: Allow to specify PCI address to configure profiles](https://bugzilla.redhat.com/show_bug.cgi?id=1695634)
|
||||||
|
- [network - [RFE] support wifi Enhanced Open (OWE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993379)
|
||||||
|
- [network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)](https://bugzilla.redhat.com/show_bug.cgi?id=1993311)
|
||||||
|
- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
|
||||||
|
- [logging - [RFE] logging - Add user and password](https://bugzilla.redhat.com/show_bug.cgi?id=2010327)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`](https://bugzilla.redhat.com/show_bug.cgi?id=2006230)
|
||||||
|
- [logging - role missing quotes for immark module interval value](https://bugzilla.redhat.com/show_bug.cgi?id=2021678)
|
||||||
|
- [logging - Logging - Performance improvement](https://bugzilla.redhat.com/show_bug.cgi?id=2005727)
|
||||||
|
- [nbde_client - add regenerate-all to the dracut command](https://bugzilla.redhat.com/show_bug.cgi?id=2021682)
|
||||||
|
- [certificate - certificates: "group" option keeps certificates inaccessible to the group](https://bugzilla.redhat.com/show_bug.cgi?id=2021683)
|
||||||
|
|
||||||
|
[1.7.3] - 2021-08-26
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1978488)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.7.2] - 2021-08-24
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [logging - Update the certificates copy tasks](https://bugzilla.redhat.com/show_bug.cgi?id=1996777)
|
||||||
|
|
||||||
|
[1.7.1] - 2021-08-16
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [metrics - role: the bpftrace role does not properly configure bpftrace agent](https://bugzilla.redhat.com/show_bug.cgi?id=1994180)
|
||||||
|
|
||||||
|
[1.7.0] - 2021-08-12
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [drop support for Ansible 2.8](https://bugzilla.redhat.com/show_bug.cgi?id=1989197)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [sshd - sshd: failed to validate: error:Missing Match criteria for all Bad Match condition](https://bugzilla.redhat.com/show_bug.cgi?id=1991598)
|
||||||
|
|
||||||
|
[1.6.6] - 2021-08-06
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output](https://bugzilla.redhat.com/show_bug.cgi?id=1986460)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.6.2] - 2021-07-30
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [metrics - role: Grafana dashboard not working after metrics role run unless services manually restarted](https://bugzilla.redhat.com/show_bug.cgi?id=1984150)
|
||||||
|
|
||||||
|
[1.6.0] - 2021-07-28
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - [RFE] storage: support volume sizes as a percentage of pool](https://bugzilla.redhat.com/show_bug.cgi?id=1984583)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.5.0] - 2021-07-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [ha_cluster - RFE: ha_cluster - add pacemaker cluster properties configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1982913)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.4.3] - 2021-07-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [crypto_policies - rename 'policy modules' to 'subpolicies'](https://bugzilla.redhat.com/show_bug.cgi?id=1982896)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.4.2] - 2021-07-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - storage: relabel doesn't support](https://bugzilla.redhat.com/show_bug.cgi?id=1876315)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.4.1] - 2021-07-09
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [network - Re-running the network system role results in "changed: true" when nothing has actually changed](https://bugzilla.redhat.com/show_bug.cgi?id=1943384)
|
||||||
|
|
||||||
|
[1.4.0] - 2021-07-08
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.3.0] - 2021-06-23
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [ha_cluster - RFE: add pacemaker resources configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1963283)
|
||||||
|
- [network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA](https://bugzilla.redhat.com/show_bug.cgi?id=1897565)
|
||||||
|
- [storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)](https://bugzilla.redhat.com/show_bug.cgi?id=1882475)
|
||||||
|
- [sshd - RFE: sshd - support for appending a snippet to configuration file](https://bugzilla.redhat.com/show_bug.cgi?id=1970642)
|
||||||
|
- [timesync - RFE: timesync support for Network Time Security (NTS)](https://bugzilla.redhat.com/show_bug.cgi?id=1970664)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section](https://bugzilla.redhat.com/show_bug.cgi?id=1961858)
|
||||||
|
- [postfix - the postfix role is not idempotent](https://bugzilla.redhat.com/show_bug.cgi?id=1960375)
|
||||||
|
- [selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8](https://bugzilla.redhat.com/show_bug.cgi?id=1966681)
|
||||||
|
- [metrics - role task to enable logging for targeted hosts not working](https://bugzilla.redhat.com/show_bug.cgi?id=1967335)
|
||||||
|
- [sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode](https://bugzilla.redhat.com/show_bug.cgi?id=1966711)
|
||||||
|
|
||||||
|
[1.2.3] - 2021-06-17
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [main.yml: Add EL 9 support for all roles](https://bugzilla.redhat.com/show_bug.cgi?id=1952887)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
[1.2.2] - 2021-06-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [timesync - Add hybrid_e2e option to PTP domain](https://bugzilla.redhat.com/show_bug.cgi?id=1957849)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
|
||||||
|
- [ha_cluster - cannot read preshared key in binary format](https://bugzilla.redhat.com/show_bug.cgi?id=1952620)
|
||||||
|
|
||||||
|
[1.2.1] - 2021-05-21
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- none
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [Internal links in README.md are broken](https://bugzilla.redhat.com/show_bug.cgi?id=1962976)
|
||||||
|
|
||||||
|
[1.2.0] - 2021-05-17
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [network - role: Support ethtool -G|--set-ring options](https://bugzilla.redhat.com/show_bug.cgi?id=1959649)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [postfix - postfix: Use FQRN in README](https://bugzilla.redhat.com/show_bug.cgi?id=1958963)
|
||||||
|
- [postfix - Documentation error in rhel-system-roles postfix readme file](https://bugzilla.redhat.com/show_bug.cgi?id=1866544)
|
||||||
|
- [storage - storage: calltrace observed when set type: partition for storage_pools](https://bugzilla.redhat.com/show_bug.cgi?id=1854187)
|
||||||
|
|
||||||
|
[1.1.0] - 2021-05-13
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [timesync - [RFE] support for free form configuration for chrony](https://bugzilla.redhat.com/show_bug.cgi?id=1938023)
|
||||||
|
- [timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter](https://bugzilla.redhat.com/show_bug.cgi?id=1938016)
|
||||||
|
- [timesync - [RFE] support for ntp xleave, filter, and hw timestamping](https://bugzilla.redhat.com/show_bug.cgi?id=1938020)
|
||||||
|
- [selinux - [RFE] Ability to install custom SELinux module via Ansible](https://bugzilla.redhat.com/show_bug.cgi?id=1848683)
|
||||||
|
- [network - support for ipv6_disabled to disable ipv6 for address](https://bugzilla.redhat.com/show_bug.cgi?id=1939711)
|
||||||
|
- [vpn - [RFE] Release Ansible role for vpn in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1943679)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [Bug fixes for Collection/Automation Hub](https://bugzilla.redhat.com/show_bug.cgi?id=1954747)
|
||||||
|
- [timesync - do not use ignore_errors in timesync role](https://bugzilla.redhat.com/show_bug.cgi?id=1938014)
|
||||||
|
- [selinux - rhel-system-roles should not reload the SELinux policy if its not changed](https://bugzilla.redhat.com/show_bug.cgi?id=1757869)
|
||||||
|
|
||||||
|
[1.0.0] - 2021-02-23
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [network - RFE: [network] Support of DNS with options](https://bugzilla.redhat.com/show_bug.cgi?id=1893959)
|
||||||
|
- [network - RFE: [network] Embrace Inclusive language](https://bugzilla.redhat.com/show_bug.cgi?id=1893957)
|
||||||
|
- [ssh - [8.4] [RFE] Release Ansible role for ssh client in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893712)
|
||||||
|
- [clusterha - [8.4] [RFE] Release Ansible role for cluster HA in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893743)
|
||||||
|
- [logging - Logging - Support RELP secure transport in the logging role configuration](https://bugzilla.redhat.com/show_bug.cgi?id=1889484)
|
||||||
|
- [metrics - [8.4] [RFE] add exporting-metric-data-to-elasticsearch functionality in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1895188)
|
||||||
|
- [metrics - release SQL server configuration support in the metrics role](https://bugzilla.redhat.com/show_bug.cgi?id=1893908)
|
||||||
|
- [[8.4] Package rhel-system-roles in the collection format in addition to the legacy role format](https://bugzilla.redhat.com/show_bug.cgi?id=1893906)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [logging - Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.](https://bugzilla.redhat.com/show_bug.cgi?id=1927943)
|
||||||
|
- [storage - storage: omitted parameters on existing pool/volume is interpreted as "use the default"](https://bugzilla.redhat.com/show_bug.cgi?id=1894651)
|
||||||
|
- [storage - storage: must list disks in order to identify an existing pool](https://bugzilla.redhat.com/show_bug.cgi?id=1894676)
|
||||||
|
- [storage - storage: pool metadata usage must be accounted for by the user](https://bugzilla.redhat.com/show_bug.cgi?id=1894647)
|
||||||
|
- [selinux - Merged fix incorrect default value (there is no variable named "present")](https://bugzilla.redhat.com/show_bug.cgi?id=1926947)
|
||||||
|
- [storage - storage: tests_luks.yml partition case failed with nvme disk](https://bugzilla.redhat.com/show_bug.cgi?id=1865990)
|
||||||
|
|
||||||
|
[1.0] - 2021-01-15
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [tlog - Add exclude_users and exclude_groups support](https://bugzilla.redhat.com/show_bug.cgi?id=1895472)
|
||||||
|
- [crypto_policies - [8.4] [RFE] Release Ansible role for crypto policies in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893699)
|
||||||
|
- [sshd - [8.4] [RFE] Release Ansible role for sshd in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1893696)
|
||||||
|
- [metrics - role should automate the setup of Grafana datasources](https://bugzilla.redhat.com/show_bug.cgi?id=1855544)
|
||||||
|
- [network role: Support -K|--features|--offload ethtool options](https://bugzilla.redhat.com/show_bug.cgi?id=1696703)
|
||||||
|
- [network role: Atomic changes](https://bugzilla.redhat.com/show_bug.cgi?id=1695161)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- [storage - safe mode of storage role does not prevent accidentally losing data when toggling encryption on a volume, disk or pool](https://bugzilla.redhat.com/show_bug.cgi?id=1881524)
|
||||||
|
- [storage - storage: ext2/3/4 resize function doesn't work](https://bugzilla.redhat.com/show_bug.cgi?id=1862867)
|
||||||
|
- [logging - [logging role] cannot setup machine with tls](https://bugzilla.redhat.com/show_bug.cgi?id=1861318)
|
||||||
|
- [certificate - role: The role is not idempotent in rhel7](https://bugzilla.redhat.com/show_bug.cgi?id=1859547)
|
||||||
|
- [logging - Logging - Bug fixes](https://bugzilla.redhat.com/show_bug.cgi?id=1854546)
|
||||||
|
- [logging - [logging role] support scenario for client without key/cert, just CA cert](https://bugzilla.redhat.com/show_bug.cgi?id=1860896)
|
||||||
|
- [metrics - role incorrectly sets up multiple primary pmie processes in multi-host mode](https://bugzilla.redhat.com/show_bug.cgi?id=1855539)
|
||||||
|
- [certificate - role cannot manage EL7 hosts](https://bugzilla.redhat.com/show_bug.cgi?id=1848745)
|
||||||
|
- [network - [network] Support state:down persistent_state:absent for non-existent profile](https://bugzilla.redhat.com/show_bug.cgi?id=1822777)
|
||||||
|
- [network - Creating active bonded interface fails with the initscripts provider](https://bugzilla.redhat.com/show_bug.cgi?id=1848472)
|
||||||
|
- [logging - Logging role had performance issues](https://bugzilla.redhat.com/show_bug.cgi?id=1848762)
|
||||||
|
- [certificate - role does not work on controller hosts which use jinja2 2.10](https://bugzilla.redhat.com/show_bug.cgi?id=1848742)
|
||||||
|
- [nbde_client - fix idempotency, check_mode issues with nbde_client role](https://bugzilla.redhat.com/show_bug.cgi?id=1848766)
|
||||||
|
- [storage - Storage role can remove existing filesystems and volume groups without warning](https://bugzilla.redhat.com/show_bug.cgi?id=1763242)
|
||||||
|
- [network role: Minimize service disruption](https://bugzilla.redhat.com/show_bug.cgi?id=1695157)
|
||||||
|
- [typo in selinux/tests/tests_selinux_disabled.yml: Invalid options for assert: mgs](https://bugzilla.redhat.com/show_bug.cgi?id=1677743)
|
||||||
|
- [Check mode problems in rhel-system-roles](https://bugzilla.redhat.com/show_bug.cgi?id=1685904)
|
||||||
|
|
||||||
|
[0.6] - 2018-05-11
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
### New Features
|
||||||
|
|
||||||
|
- [RFE: Ansible rhel-system-roles.network: add ETHTOOL_OPTS, LINKDELAY, IPV4_FAILURE_FATAL](https://bugzilla.redhat.com/show_bug.cgi?id=1478576)
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
- none
|
1
SOURCES/CHANGELOG.rst
Normal file
1
SOURCES/CHANGELOG.rst
Normal file
@ -0,0 +1 @@
|
|||||||
|
See docs/CHANGELOG.md
|
21
SOURCES/ansible-packaging.inc
Normal file
21
SOURCES/ansible-packaging.inc
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# Helper macros originally from macros.ansible by Igor Raits <ignatenkobrain>
|
||||||
|
# This file is for maintaining the compatibility with macros and other
|
||||||
|
# functionality (generators) provided by ansible-packaging on Fedora.
|
||||||
|
|
||||||
|
Provides: ansible-collection(%{collection_namespace}.%{collection_name}) = %{collection_version}
|
||||||
|
|
||||||
|
# ansible-galaxy is available by ansible-core on RHEL 8.6 and newer at buildtime.
|
||||||
|
%define ansible_collection_build() ansible-galaxy collection build
|
||||||
|
%define ansible_collection_install() ansible-galaxy collection install -n -p %{buildroot}%{_datadir}/ansible/collections %{collection_namespace}-%{collection_name}-%{version}.tar.gz
|
||||||
|
|
||||||
|
%define ansible_roles_dir %{_datadir}/ansible/roles
|
||||||
|
%define ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections
|
||||||
|
|
||||||
|
# TODO: Officially deprecate this macro and add the following line to the macro
|
||||||
|
# def after the new approach has gotten more testing and adoption:
|
||||||
|
# %%{warn: %%{ansible_collection_files} is deprecated. Use %%files -f %%{ansible_collection_filelist} instead.}
|
||||||
|
%define ansible_collection_files %{shrink:
|
||||||
|
%{ansible_collections_dir}/%{collection_namespace}/
|
||||||
|
}
|
||||||
|
|
||||||
|
%define ansible_collection_filelist %{__ansible_builddir}/ansible_collection_files
|
@ -1,428 +0,0 @@
|
|||||||
From e3004a25d680a17852ade20fa7438b5d4acfc470 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 6 Apr 2022 10:42:17 +0200
|
|
||||||
Subject: [PATCH 1/7] Update templates to apply FIPS hostkeys filter
|
|
||||||
|
|
||||||
This fixes up the commit 7f69d1e6
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
templates/sshd_config.j2 | 6 +++++-
|
|
||||||
templates/sshd_config_snippet.j2 | 6 +++++-
|
|
||||||
2 files changed, 10 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
|
|
||||||
index 15ee668..8c7f322 100644
|
|
||||||
--- a/templates/sshd_config.j2
|
|
||||||
+++ b/templates/sshd_config.j2
|
|
||||||
@@ -22,7 +22,11 @@
|
|
||||||
{% elif sshd[key] is defined %}
|
|
||||||
{% set value = sshd[key] %}
|
|
||||||
{% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
|
|
||||||
-{% set value = __sshd_defaults[key] %}
|
|
||||||
+{% if key == 'HostKey' and __sshd_fips_mode %}
|
|
||||||
+{% set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %}
|
|
||||||
+{% else %}
|
|
||||||
+{% set value = __sshd_defaults[key] %}
|
|
||||||
+{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{{ render_option(key,value) -}}
|
|
||||||
{% endmacro %}
|
|
||||||
diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
|
|
||||||
index 6766e09..6b23c76 100644
|
|
||||||
--- a/templates/sshd_config_snippet.j2
|
|
||||||
+++ b/templates/sshd_config_snippet.j2
|
|
||||||
@@ -21,7 +21,11 @@
|
|
||||||
{% elif sshd[key] is defined %}
|
|
||||||
{% set value = sshd[key] %}
|
|
||||||
{% elif __sshd_defaults[key] is defined and not sshd_skip_defaults %}
|
|
||||||
-{% set value = __sshd_defaults[key] %}
|
|
||||||
+{% if key == 'HostKey' and __sshd_fips_mode %}
|
|
||||||
+{% set value = __sshd_defaults[key] | difference(__sshd_hostkeys_nofips) %}
|
|
||||||
+{% else %}
|
|
||||||
+{% set value = __sshd_defaults[key] %}
|
|
||||||
+{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{{ render_option(key,value) -}}
|
|
||||||
{% endmacro %}
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From 8ee135cbd9ea63e4345a5ec618d64d14f6b03eee Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 6 Apr 2022 11:10:27 +0200
|
|
||||||
Subject: [PATCH 2/7] Set explicit path to the main configuration file to work
|
|
||||||
well with the drop-in directory
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/tests_alternative_file.yml | 2 ++
|
|
||||||
tests/tests_alternative_file_role.yml | 2 ++
|
|
||||||
2 files changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml
|
|
||||||
index 0a8ccaf..215c726 100644
|
|
||||||
--- a/tests/tests_alternative_file.yml
|
|
||||||
+++ b/tests/tests_alternative_file.yml
|
|
||||||
@@ -6,6 +6,7 @@
|
|
||||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
||||||
- /etc/ssh/sshd_config_custom
|
|
||||||
- /etc/ssh/sshd_config_custom_second
|
|
||||||
+ - /tmp/ssh_host_ecdsa_key
|
|
||||||
tasks:
|
|
||||||
- name: "Backup configuration files"
|
|
||||||
include_tasks: tasks/backup.yml
|
|
||||||
@@ -52,6 +53,7 @@
|
|
||||||
include_role:
|
|
||||||
name: ansible-sshd
|
|
||||||
vars:
|
|
||||||
+ sshd_config_file: /etc/ssh/sshd_config
|
|
||||||
sshd:
|
|
||||||
Banner: /etc/issue
|
|
||||||
Ciphers: aes192-ctr
|
|
||||||
diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml
|
|
||||||
index 9177709..3e7c7ea 100644
|
|
||||||
--- a/tests/tests_alternative_file_role.yml
|
|
||||||
+++ b/tests/tests_alternative_file_role.yml
|
|
||||||
@@ -6,6 +6,7 @@
|
|
||||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
||||||
- /etc/ssh/sshd_config_custom
|
|
||||||
- /etc/ssh/sshd_config_custom_second
|
|
||||||
+ - /tmp/ssh_host_ecdsa_key
|
|
||||||
tasks:
|
|
||||||
- name: "Backup configuration files"
|
|
||||||
include_tasks: tasks/backup.yml
|
|
||||||
@@ -57,6 +58,7 @@
|
|
||||||
roles:
|
|
||||||
- ansible-sshd
|
|
||||||
vars:
|
|
||||||
+ sshd_config_file: /etc/ssh/sshd_config
|
|
||||||
sshd:
|
|
||||||
Banner: /etc/issue
|
|
||||||
Ciphers: aes192-ctr
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From 041e86952d14b5c90795fb553e7ba942d541a6b3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 6 Apr 2022 11:17:12 +0200
|
|
||||||
Subject: [PATCH 3/7] tests: Fix OS detection to match also CentOS 9
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/tasks/setup.yml | 5 ++---
|
|
||||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/tasks/setup.yml b/tests/tasks/setup.yml
|
|
||||||
index 90a3f00..a0e9324 100644
|
|
||||||
--- a/tests/tasks/setup.yml
|
|
||||||
+++ b/tests/tasks/setup.yml
|
|
||||||
@@ -26,6 +26,5 @@
|
|
||||||
main_sshd_config_name: 00-ansible_system_role.conf
|
|
||||||
main_sshd_config_path: /etc/ssh/sshd_config.d/
|
|
||||||
when: >
|
|
||||||
- ansible_facts['distribution'] == 'Fedora' or
|
|
||||||
- (ansible_facts['distribution'] == 'RedHat' and
|
|
||||||
- ansible_facts['distribution_major_version']|int > 8)
|
|
||||||
+ ansible_facts['os_family'] == 'RedHat' and
|
|
||||||
+ ansible_facts['distribution_major_version']|int > 8
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From e33f2f5bb874aa786ac0c81e8ef63509033f6644 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 6 Apr 2022 11:20:34 +0200
|
|
||||||
Subject: [PATCH 4/7] tests: Slurp the correct file when writing main config
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/tests_alternative_file.yml | 2 +-
|
|
||||||
tests/tests_alternative_file_role.yml | 2 +-
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/tests_alternative_file.yml b/tests/tests_alternative_file.yml
|
|
||||||
index 215c726..172c73a 100644
|
|
||||||
--- a/tests/tests_alternative_file.yml
|
|
||||||
+++ b/tests/tests_alternative_file.yml
|
|
||||||
@@ -82,7 +82,7 @@
|
|
||||||
|
|
||||||
- name: Print the main configuration file
|
|
||||||
slurp:
|
|
||||||
- src: "{{ main_sshd_config }}"
|
|
||||||
+ src: /etc/ssh/sshd_config
|
|
||||||
register: config3
|
|
||||||
|
|
||||||
- name: Check content of first configuration file
|
|
||||||
diff --git a/tests/tests_alternative_file_role.yml b/tests/tests_alternative_file_role.yml
|
|
||||||
index 3e7c7ea..09fbce4 100644
|
|
||||||
--- a/tests/tests_alternative_file_role.yml
|
|
||||||
+++ b/tests/tests_alternative_file_role.yml
|
|
||||||
@@ -98,7 +98,7 @@
|
|
||||||
|
|
||||||
- name: Print the main configuration file
|
|
||||||
slurp:
|
|
||||||
- src: "{{ main_sshd_config }}"
|
|
||||||
+ src: /etc/ssh/sshd_config
|
|
||||||
register: config3
|
|
||||||
|
|
||||||
- name: Check content of first configuration file
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From 8d91dcecd000e7843ad9e827c3d2e6e04ce05e8d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Wed, 6 Apr 2022 20:28:32 +0200
|
|
||||||
Subject: [PATCH 5/7] Unbreak FIPS detection and hostkey filtering
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tasks/install.yml | 15 ++++++++-------
|
|
||||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tasks/install.yml b/tasks/install.yml
|
|
||||||
index f1d8455..571281c 100644
|
|
||||||
--- a/tasks/install.yml
|
|
||||||
+++ b/tasks/install.yml
|
|
||||||
@@ -40,10 +40,11 @@
|
|
||||||
|
|
||||||
- name: Make sure hostkeys are available and have expected permissions
|
|
||||||
vars: &share_vars
|
|
||||||
+ # 'MAo=' evaluates to '0\n' in base 64 encoding, which is default
|
|
||||||
__sshd_fips_mode: >-
|
|
||||||
- - __sshd_hostkeys_nofips | d([])
|
|
||||||
- - __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \
|
|
||||||
- __sshd_userspace_fips_mode.content | b64decode != "0" | bool
|
|
||||||
+ {{ __sshd_hostkeys_nofips | d([]) and
|
|
||||||
+ (__sshd_kernel_fips_mode.content | d('MAo=') | b64decode | trim == '1' or
|
|
||||||
+ __sshd_userspace_fips_mode.content | d('MAo=') | b64decode | trim != '0') }}
|
|
||||||
# This mimics the macro body_option() in sshd_config.j2
|
|
||||||
# The explicit to_json filter is needed for Python 2 compatibility
|
|
||||||
__sshd_hostkeys_from_config: >-
|
|
||||||
@@ -58,14 +59,14 @@
|
|
||||||
{{ __sshd_defaults['HostKey'] | to_json }}
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
|
||||||
- []
|
|
||||||
+ {{ [] | to_json }}
|
|
||||||
{% endif %}
|
|
||||||
__sshd_verify_hostkeys: >-
|
|
||||||
{% if not sshd_verify_hostkeys %}
|
|
||||||
- []
|
|
||||||
+ {{ [] | to_json }}
|
|
||||||
{% elif sshd_verify_hostkeys == 'auto' %}
|
|
||||||
- {% if sshd_HostKey is string %}
|
|
||||||
- [ {{ __sshd_hostkeys_from_config }} ]
|
|
||||||
+ {% if __sshd_hostkeys_from_config | from_json is string %}
|
|
||||||
+ {{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
|
|
||||||
{% else %}
|
|
||||||
{{ __sshd_hostkeys_from_config }}
|
|
||||||
{% endif %}
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From d839fb207e29cbbbc1d256260190f113c332ecba Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Mon, 11 Apr 2022 13:06:24 +0200
|
|
||||||
Subject: [PATCH 6/7] tests: Add negative test for FIPS mode
|
|
||||||
|
|
||||||
This fixes also a typo that was overlooked previously
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
tests/tests_hostkeys_fips.yml | 53 ++++++++++++++++++++++++++++++-----
|
|
||||||
1 file changed, 46 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/tests_hostkeys_fips.yml b/tests/tests_hostkeys_fips.yml
|
|
||||||
index 65cc765..7cf3767 100644
|
|
||||||
--- a/tests/tests_hostkeys_fips.yml
|
|
||||||
+++ b/tests/tests_hostkeys_fips.yml
|
|
||||||
@@ -4,13 +4,52 @@
|
|
||||||
__sshd_test_backup_files:
|
|
||||||
- /etc/ssh/sshd_config
|
|
||||||
- /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
||||||
- - /etc/ssh/ssh_host_ed255519_key
|
|
||||||
- - /etc/ssh/ssh_host_ed255519_key.pub
|
|
||||||
+ - /etc/ssh/ssh_host_ed25519_key
|
|
||||||
+ - /etc/ssh/ssh_host_ed25519_key.pub
|
|
||||||
- /etc/system-fips
|
|
||||||
tasks:
|
|
||||||
- name: "Backup configuration files"
|
|
||||||
include_tasks: tasks/backup.yml
|
|
||||||
|
|
||||||
+ - name: Run the role with default parameters without FIPS mode
|
|
||||||
+ include_role:
|
|
||||||
+ name: ansible-sshd
|
|
||||||
+
|
|
||||||
+ - name: Verify the options are correctly set
|
|
||||||
+ block:
|
|
||||||
+ - meta: flush_handlers
|
|
||||||
+
|
|
||||||
+ - name: Print current configuration file
|
|
||||||
+ slurp:
|
|
||||||
+ src: "{{ main_sshd_config }}"
|
|
||||||
+ register: config
|
|
||||||
+
|
|
||||||
+ - name: Get stat of private key
|
|
||||||
+ stat:
|
|
||||||
+ path: /etc/ssh/ssh_host_ed25519_key
|
|
||||||
+ register: privkey
|
|
||||||
+
|
|
||||||
+ - name: Get stat of public key
|
|
||||||
+ stat:
|
|
||||||
+ path: /etc/ssh/ssh_host_ed25519_key.pub
|
|
||||||
+ register: pubkey
|
|
||||||
+
|
|
||||||
+ - name: Check the key is in configuration file (without include)
|
|
||||||
+ assert:
|
|
||||||
+ that:
|
|
||||||
+ - "'HostKey /etc/ssh/ssh_host_ed25519_key' in config.content | b64decode"
|
|
||||||
+ when:
|
|
||||||
+ - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int < 9
|
|
||||||
+
|
|
||||||
+ - name: Check host key was generated
|
|
||||||
+ assert:
|
|
||||||
+ that:
|
|
||||||
+ - privkey.stat.exists
|
|
||||||
+ - pubkey.stat.exists
|
|
||||||
+ when:
|
|
||||||
+ - ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int > 6
|
|
||||||
+ tags: tests::verify
|
|
||||||
+
|
|
||||||
- name: Fake FIPS mode
|
|
||||||
block:
|
|
||||||
- name: Create temporary directory
|
|
||||||
@@ -40,13 +79,13 @@
|
|
||||||
- name: Remove the Ed25519 hostkey
|
|
||||||
file:
|
|
||||||
path:
|
|
||||||
- /etc/ssh/ssh_host_ed255519_key
|
|
||||||
+ /etc/ssh/ssh_host_ed25519_key
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Remove the Ed25519 pubkey
|
|
||||||
file:
|
|
||||||
path:
|
|
||||||
- /etc/ssh/ssh_host_ed255519_key.pub
|
|
||||||
+ /etc/ssh/ssh_host_ed25519_key.pub
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Run the role with default parameters
|
|
||||||
@@ -64,18 +103,18 @@
|
|
||||||
|
|
||||||
- name: Get stat of private key
|
|
||||||
stat:
|
|
||||||
- path: /etc/ssh/ssh_host_ed255519_key
|
|
||||||
+ path: /etc/ssh/ssh_host_ed25519_key
|
|
||||||
register: privkey
|
|
||||||
|
|
||||||
- name: Get stat of public key
|
|
||||||
stat:
|
|
||||||
- path: /etc/ssh/ssh_host_ed255519_key.pub
|
|
||||||
+ path: /etc/ssh/ssh_host_ed25519_key.pub
|
|
||||||
register: pubkey
|
|
||||||
|
|
||||||
- name: Check the key is not in configuration file
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- - "'HostKey /etc/ssh/ssh_host_ed255519_key' not in config.content | b64decode"
|
|
||||||
+ - "'HostKey /etc/ssh/ssh_host_ed25519_key' not in config.content | b64decode"
|
|
||||||
|
|
||||||
- name: Check no host key was generated
|
|
||||||
assert:
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
||||||
|
|
||||||
From 2a49697fa4bb6281796e76a4b7ee34c356f802cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Mon, 11 Apr 2022 13:07:44 +0200
|
|
||||||
Subject: [PATCH 7/7] Introduce default hostkeys to check when using drop-in
|
|
||||||
directory
|
|
||||||
|
|
||||||
Previously no hostkeys were checked if they were not present
|
|
||||||
in the generated configuration file. When the drop-in directory is
|
|
||||||
used, usually, there are no hostkeys in that file and no sanity
|
|
||||||
check for hostkeys was executed.
|
|
||||||
|
|
||||||
This amends the "auto" value for the hostkeys check to allow checking
|
|
||||||
for default hostkeys that are read by OpenSSH by default.
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
---
|
|
||||||
defaults/main.yml | 1 +
|
|
||||||
tasks/install.yml | 8 +++++++-
|
|
||||||
vars/Fedora.yml | 6 ++++++
|
|
||||||
vars/RedHat_9.yml | 6 ++++++
|
|
||||||
4 files changed, 20 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/defaults/main.yml b/defaults/main.yml
|
|
||||||
index 18d6114..7e40e51 100644
|
|
||||||
--- a/defaults/main.yml
|
|
||||||
+++ b/defaults/main.yml
|
|
||||||
@@ -61,6 +61,7 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server
|
|
||||||
# configuration or restarting), we make sure the keys exist and have correct
|
|
||||||
# permissions. To disable this check, set sshd_verify_hostkeys to false
|
|
||||||
sshd_verify_hostkeys: "auto"
|
|
||||||
+__sshd_verify_hostkeys_default: []
|
|
||||||
sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
|
|
||||||
sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
|
|
||||||
sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
|
|
||||||
diff --git a/tasks/install.yml b/tasks/install.yml
|
|
||||||
index 571281c..fa7d3c3 100644
|
|
||||||
--- a/tasks/install.yml
|
|
||||||
+++ b/tasks/install.yml
|
|
||||||
@@ -65,7 +65,13 @@
|
|
||||||
{% if not sshd_verify_hostkeys %}
|
|
||||||
{{ [] | to_json }}
|
|
||||||
{% elif sshd_verify_hostkeys == 'auto' %}
|
|
||||||
- {% if __sshd_hostkeys_from_config | from_json is string %}
|
|
||||||
+ {% if not __sshd_hostkeys_from_config | from_json %}
|
|
||||||
+ {% if __sshd_fips_mode %}
|
|
||||||
+ {{ __sshd_verify_hostkeys_default | difference(__sshd_hostkeys_nofips) | to_json }}
|
|
||||||
+ {% else %}
|
|
||||||
+ {{ __sshd_verify_hostkeys_default | to_json }}
|
|
||||||
+ {% endif %}
|
|
||||||
+ {% elif __sshd_hostkeys_from_config | from_json is string %}
|
|
||||||
{{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
|
|
||||||
{% else %}
|
|
||||||
{{ __sshd_hostkeys_from_config }}
|
|
||||||
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
|
|
||||||
index 77bf172..cf2b081 100644
|
|
||||||
--- a/vars/Fedora.yml
|
|
||||||
+++ b/vars/Fedora.yml
|
|
||||||
@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
|
||||||
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
||||||
__sshd_defaults:
|
|
||||||
__sshd_os_supported: yes
|
|
||||||
+__sshd_verify_hostkeys_default:
|
|
||||||
+ - /etc/ssh/ssh_host_rsa_key
|
|
||||||
+ - /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
+ - /etc/ssh/ssh_host_ed25519_key
|
|
||||||
+__sshd_hostkeys_nofips:
|
|
||||||
+ - /etc/ssh/ssh_host_ed25519_key
|
|
||||||
__sshd_hostkey_group: ssh_keys
|
|
||||||
__sshd_hostkey_mode: "0640"
|
|
||||||
diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml
|
|
||||||
index 33df26a..55239f4 100644
|
|
||||||
--- a/vars/RedHat_9.yml
|
|
||||||
+++ b/vars/RedHat_9.yml
|
|
||||||
@@ -9,5 +9,11 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
|
||||||
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
||||||
__sshd_defaults:
|
|
||||||
__sshd_os_supported: yes
|
|
||||||
+__sshd_verify_hostkeys_default:
|
|
||||||
+ - /etc/ssh/ssh_host_rsa_key
|
|
||||||
+ - /etc/ssh/ssh_host_ecdsa_key
|
|
||||||
+ - /etc/ssh/ssh_host_ed25519_key
|
|
||||||
+__sshd_hostkeys_nofips:
|
|
||||||
+ - /etc/ssh/ssh_host_ed25519_key
|
|
||||||
__sshd_hostkey_group: ssh_keys
|
|
||||||
__sshd_hostkey_mode: "0640"
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
10
SOURCES/extrasources.inc
Normal file
10
SOURCES/extrasources.inc
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
|
||||||
|
Source901: https://galaxy.ansible.com/download/community-general-8.3.0.tar.gz
|
||||||
|
Source902: https://galaxy.ansible.com/download/containers-podman-1.12.0.tar.gz
|
||||||
|
|
||||||
|
Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
|
||||||
|
Provides: bundled(ansible-collection(community.general)) = 8.3.0
|
||||||
|
Provides: bundled(ansible-collection(containers.podman)) = 1.12.0
|
||||||
|
|
||||||
|
Source996: CHANGELOG.rst
|
||||||
|
Source998: collection_readme.sh
|
@ -1,65 +0,0 @@
|
|||||||
From d6c8319f52f3859b28044841063adf0013df878b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rich Megginson <rmeggins@redhat.com>
|
|
||||||
Date: Thu, 25 Mar 2021 13:57:45 -0600
|
|
||||||
Subject: [PATCH 3/4] Patch53: network-disable-bondtests.diff
|
|
||||||
|
|
||||||
---
|
|
||||||
tests/playbooks/tests_bond.yml | 2 ++
|
|
||||||
tests/playbooks/tests_bond_deprecated.yml | 2 ++
|
|
||||||
tests/tests_bond_deprecated_initscripts.yml | 1 +
|
|
||||||
tests/tests_bond_initscripts.yml | 1 +
|
|
||||||
4 files changed, 6 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/playbooks/tests_bond.yml b/tests/playbooks/tests_bond.yml
|
|
||||||
index 1e45788..d3005a6 100644
|
|
||||||
--- a/tests/playbooks/tests_bond.yml
|
|
||||||
+++ b/tests/playbooks/tests_bond.yml
|
|
||||||
@@ -8,6 +8,8 @@
|
|
||||||
dhcp_interface1: test1
|
|
||||||
port2_profile: bond0.1
|
|
||||||
dhcp_interface2: test2
|
|
||||||
+ tags:
|
|
||||||
+ - "tests::expfail"
|
|
||||||
tasks:
|
|
||||||
- name: "INIT Prepare setup"
|
|
||||||
debug:
|
|
||||||
diff --git a/tests/playbooks/tests_bond_deprecated.yml b/tests/playbooks/tests_bond_deprecated.yml
|
|
||||||
index f37e19a..ae475c4 100644
|
|
||||||
--- a/tests/playbooks/tests_bond_deprecated.yml
|
|
||||||
+++ b/tests/playbooks/tests_bond_deprecated.yml
|
|
||||||
@@ -8,6 +8,8 @@
|
|
||||||
dhcp_interface1: test1
|
|
||||||
port2_profile: bond0.1
|
|
||||||
dhcp_interface2: test2
|
|
||||||
+ tags:
|
|
||||||
+ - "tests::expfail"
|
|
||||||
tasks:
|
|
||||||
- name: "INIT Prepare setup"
|
|
||||||
debug:
|
|
||||||
diff --git a/tests/tests_bond_deprecated_initscripts.yml b/tests/tests_bond_deprecated_initscripts.yml
|
|
||||||
index 383b488..cdf3de0 100644
|
|
||||||
--- a/tests/tests_bond_deprecated_initscripts.yml
|
|
||||||
+++ b/tests/tests_bond_deprecated_initscripts.yml
|
|
||||||
@@ -10,6 +10,7 @@
|
|
||||||
network_provider: initscripts
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
+ - "tests::expfail"
|
|
||||||
|
|
||||||
- import_playbook: playbooks/tests_bond_deprecated.yml
|
|
||||||
when: (ansible_distribution in ['CentOS','RedHat'] and
|
|
||||||
diff --git a/tests/tests_bond_initscripts.yml b/tests/tests_bond_initscripts.yml
|
|
||||||
index 8fa74c5..6a231c4 100644
|
|
||||||
--- a/tests/tests_bond_initscripts.yml
|
|
||||||
+++ b/tests/tests_bond_initscripts.yml
|
|
||||||
@@ -10,6 +10,7 @@
|
|
||||||
network_provider: initscripts
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
+ - "tests::expfail"
|
|
||||||
|
|
||||||
- import_playbook: playbooks/tests_bond.yml
|
|
||||||
when: (ansible_distribution in ['CentOS','RedHat'] and
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
102
SOURCES/vendoring-build.inc
Normal file
102
SOURCES/vendoring-build.inc
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
# maps the source file to the roles that use that file
|
||||||
|
# value can be string or space delimited list of strings
|
||||||
|
# role name `__collection` means - do not vendor into
|
||||||
|
# role, just vendor directly into the collection
|
||||||
|
declare -A plugin_map=(
|
||||||
|
[ansible/posix/plugins/modules/selinux.py]=selinux
|
||||||
|
[ansible/posix/plugins/modules/seboolean.py]=selinux
|
||||||
|
[ansible/posix/plugins/modules/mount.py]=storage
|
||||||
|
[ansible/posix/plugins/modules/rhel_facts.py]=__collection
|
||||||
|
[ansible/posix/plugins/modules/rhel_rpm_ostree.py]=__collection
|
||||||
|
[ansible/posix/plugins/module_utils/mount.py]=storage
|
||||||
|
[community/general/plugins/modules/ini_file.py]="tlog ad_integration"
|
||||||
|
[community/general/plugins/modules/modprobe.py]=ha_cluster
|
||||||
|
[community/general/plugins/modules/redhat_subscription.py]=rhc
|
||||||
|
[community/general/plugins/modules/rhsm_release.py]=rhc
|
||||||
|
[community/general/plugins/modules/rhsm_repository.py]=rhc
|
||||||
|
[community/general/plugins/modules/seport.py]=selinux
|
||||||
|
[community/general/plugins/modules/sefcontext.py]=selinux
|
||||||
|
[community/general/plugins/modules/selogin.py]=selinux
|
||||||
|
[containers/podman/plugins/modules/podman_container_info.py]=podman
|
||||||
|
[containers/podman/plugins/modules/podman_image.py]=podman
|
||||||
|
[containers/podman/plugins/modules/podman_play.py]=podman
|
||||||
|
[containers/podman/plugins/modules/podman_secret.py]=podman
|
||||||
|
[containers/podman/plugins/module_utils/podman/common.py]=podman
|
||||||
|
)
|
||||||
|
|
||||||
|
declare -a modules mod_utils collection_plugins
|
||||||
|
declare -A dests
|
||||||
|
# vendor in plugin files - fix documentation, fragments
|
||||||
|
for src in "${!plugin_map[@]}"; do
|
||||||
|
roles="${plugin_map["$src"]}"
|
||||||
|
if [ "$roles" = __collection ]; then
|
||||||
|
collection_plugins+=("$src")
|
||||||
|
else
|
||||||
|
case "$src" in
|
||||||
|
*/plugins/modules/*) srcdir=plugins/modules; subdir=library; modules+=("$src") ;;
|
||||||
|
*/plugins/module_utils/*) srcdir=plugins/module_utils; mod_utils+=("$src") ;;
|
||||||
|
*/plugins/action/*) srcdir=plugins/action ;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
for role in $roles; do
|
||||||
|
if [ "$role" = __collection ]; then
|
||||||
|
dest="%{collection_build_path}/plugins${src/#*plugins/}"
|
||||||
|
dests["$dest"]=__collection
|
||||||
|
else
|
||||||
|
case "$src" in
|
||||||
|
*/plugins/module_utils/*) subdir="module_utils/${role}_lsr" ;;
|
||||||
|
esac
|
||||||
|
dest="$role/${src/#*${srcdir}/${subdir}}"
|
||||||
|
dests["$dest"]="$role"
|
||||||
|
fi
|
||||||
|
destdir="$(dirname "$dest")"
|
||||||
|
if [ ! -d "$destdir" ]; then
|
||||||
|
mkdir -p "$destdir"
|
||||||
|
fi
|
||||||
|
cp -pL ".external/$src" "$dest"
|
||||||
|
sed -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this plugin directly! It is only for role internal use.\n\1/' \
|
||||||
|
-e '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' \
|
||||||
|
-i "$dest"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
# remove the temporary .external directory after vendoring
|
||||||
|
rm -rf .external
|
||||||
|
|
||||||
|
# fix python imports to point from the old name to the new name
|
||||||
|
for dest in "${!dests[@]}"; do
|
||||||
|
role="${dests["$dest"]}"
|
||||||
|
for module in "${modules[@]}"; do
|
||||||
|
python_name="$(dirname "$module")"
|
||||||
|
python_name="${python_name////[.]}"
|
||||||
|
sed -e "s/ansible_collections[.]${python_name}[.]/ansible.modules./" -i "$dest"
|
||||||
|
done
|
||||||
|
for mod_util in "${mod_utils[@]}"; do
|
||||||
|
# some mod_utils have subdirs, some do not
|
||||||
|
split=(${mod_util//// })
|
||||||
|
python_name="ansible_collections[.]${split[0]}[.]${split[1]}[.]plugins[.]module_utils[.]"
|
||||||
|
sed -e "s/${python_name}/ansible.module_utils.${role}_lsr./" -i "$dest"
|
||||||
|
done
|
||||||
|
for plugin in "${collection_plugins[@]}"; do
|
||||||
|
python_name="$(dirname "$plugin")"
|
||||||
|
dest_python_name="%{collection_namespace}/%{collection_name}/plugins${python_name/#*plugins/}"
|
||||||
|
src_python_name="ansible_collections.${python_name////[.]}"
|
||||||
|
dest_python_name="ansible_collections.${dest_python_name////.}"
|
||||||
|
sed -e "s/${src_python_name}/${dest_python_name}/" -i "$dest"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
# Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role
|
||||||
|
# Replacing "fedora.linux_system_roles." with "redhat.rhel_system_roles" in each role
|
||||||
|
# This is for the "roles calling other roles" case
|
||||||
|
# for podman, change the FQCN - using a non-FQCN module name doesn't seem to work,
|
||||||
|
# even for the legacy role format
|
||||||
|
for rolename in %{rolenames}; do
|
||||||
|
find "$rolename" -type f -exec \
|
||||||
|
sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
|
||||||
|
-e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||||
|
-e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||||
|
-e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||||
|
-e "s/ansible[.]posix[.]/%{collection_namespace}.%{collection_name}./g" \
|
||||||
|
-i {} \;
|
||||||
|
done
|
12
SOURCES/vendoring-prep.inc
Normal file
12
SOURCES/vendoring-prep.inc
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
# Untar vendored collection tarballs to corresponding directories
|
||||||
|
for file in %{SOURCE801} %{SOURCE901} %{SOURCE902}; do
|
||||||
|
if [[ "$(basename $file)" =~ ([^-]+)-([^-]+)-(.+).tar.gz ]]; then
|
||||||
|
ns=${BASH_REMATCH[1]}
|
||||||
|
name=${BASH_REMATCH[2]}
|
||||||
|
ver=${BASH_REMATCH[3]}
|
||||||
|
mkdir -p .external/$ns/$name
|
||||||
|
pushd .external/$ns/$name > /dev/null
|
||||||
|
tar xfz "$file"
|
||||||
|
popd > /dev/null
|
||||||
|
fi
|
||||||
|
done
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user