44302dfdc5
Resolves:rhbz#2233183
ad_integration - leaks credentials when in check_mode
(cherry picked from commit 86eefbad8d)
Changelog
[1.22.0] - 2023-08-15
New Features
- ALL - fingerprint in config files managed by roles
- ad_integration - add ad_integration_force_rejoin
- certificate - add mode parameter to change permissions for cert files
- firewall - missing module in linux-system-roles.firewall to create an ipset
- firewall - fix: reload on resetting to defaults
- firewall - should have option to disable conflicting services
- ha_cluster - Add possibility to load SBD watchdog kernel modules
- ha_cluster - cluster and quorum can have distinct passwords
- ha_cluster - support for resource and operation defaults
- kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump
- keylime_server - system role for managing keylime servers
- network - Support configuring auto-dns setting
- network - Support no-aaaa DNS option
- podman - allow container networking configuration
- podman - support for healthchecks and healthcheck actions
- podman - support quadlet units
- postgresql - [RFE] system role for PostgreSQL management
- rhc - implement rhc_proxy.scheme
- rhc - [RFE] New role for Red Hat subscription management, insights management [rhel-8.9.0]
- ssh - add ssh_backup option with default true
- storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes
- storage - [RFE] user-specified mount point owner and permissions
- systemd - system role for managing systemd units
Bug Fixes
- ALL - facts being gathered unnecessarily
- ad_integration - leaks credentials when in check_mode
- certificate - rhel-system-roles.certificate does not re-issue after updating key_size
- firewall - fix: reload on resetting to defaults
- firewall - Check mode fails with replacing previous rules
- firewall - Check mode fails when creating new firewall service
- firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9
- firewall - Don't install python(3)-firewall it's a dependency of firewalld
- firewall - fix: files: overwrite firewalld.conf on previous replaced
- kdump - use failure_action instead of default on EL9 and later
- kdump - role: "Write new authorized_keys if needed" task idempotency issues
- kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory
- kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server
- kdump - fix: Ensure authorized_keys management works with multiple hosts
- podman - Podman system role: Unable to use podman_registries_conf to set unqualified-search-registries
- rhc - system role does not apply Insights tags
- storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size
- storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation
- storage - Storage: mounted devices that are in use cannot be resized
- storage - fix: use stat.pw_name, stat.gr_name instead of owner, group
- tlog - use the proxy provider - the files provider is deprecated in sssd
[1.21.1] - 2023-03-16
New Features
Bug Fixes
- none
[1.21.0] - 2023-02-20
New Features
- ad_integration - [RFE] new role to support AD integration, join to AD domain
- cockpit - [RFE] convert cockpit role to use firewall, selinux role, and certificate role
- ha_cluster - Allow quorum device configuration
- ha_cluster - [RFE] convert ha_cluster role to use firewall, selinux and certificate role
- journald - New role - journald - manage systemd-journald
- logging - [RFE] convert logging role to use firewall, selinux role, and certificate role
- metrics - [RFE] convert metrics role to use firewall and selinux role
- nbde_server - [RFE] convert nbde_server role to use firewall and selinux role
- network - Support cloned MAC address
- network - [RFE] Support setting the metric of the default route for initscripts provider
- network - [RFE] Support the DNS priority
- network - Support looking up named route table in routing rule
- podman - [RFE] role for managing podman containers and systemd
- postfix - [RFE] convert postfix role to use firewall and selinux role
- selinux - add support for the 'local' parameter
- vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
- vpn - [RFE] convert vpn role to use firewall and selinux role
Bug Fixes
- ha_cluster - Fix stonith watchdog timeout
- ha_cluster - Allow enabled SBD on disabled cluster
- ha_cluster - use no_log in tasks looping over pot. secret parameters
- nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
- nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names
- network - should route traffic via correct bond
- selinux - managing modules is not idempotent
- sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
- tlog - Unconditionally enable the files provider
[1.20.0] - 2022-08-09
New Features
- cockpit - Add customization of port
- firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
- firewall - support for firewall_config - gather firewall facts
- logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
- selinux - Added setting of seuser and selevel for completeness
Bug Fixes
- nbde_client - Sets proper spacing for parameter rd.neednet=1
- network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
- ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
- storage - [RHEL8] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
[1.19.3] - 2022-07-01
New Features
- firewall - support add/modify/delete services
- network - [RFE] [network] Support managing the network through nmstate schema
- storage - support for adding/removing disks to/from storage pools
- storage - support for attaching cache volumes to existing volumes
Bug Fixes
- firewall - forward_port should accept list of string or list of dict
- metrics - document minimum supported redis version required by rhel-system-roles
- metrics - restart pmie, pmlogger if changed, do not wait for handler
[1.19.2] - 2022-06-15
New Features
Bug Fixes
- none
[1.19.1] - 2022-06-13
New Features
- storage - support for creating and managing LVM thin pools/LVs
- All roles should support running with gather_facts: false
Bug Fixes
- none
[1.19.0] - 2022-06-06
New Features
- storage - support for creating and managing LVM thin pools/LVs
- firewall - state no longer required for masquerade and ICMP block inversion
Bug Fixes
[1.18.0] - 2022-05-26
New Features
- firewall - [Improvement] Allow System Role to reset to default Firewalld Settings
- metrics - [RFE] add an option to the metrics role to enable postfix metric collection
- network - Rework the infiniband support
- sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
- sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9
Bug Fixes
[1.17.0] - 2022-04-25
New Features
- All roles should support running with gather_facts: false
- ha_cluster - support advanced corosync configuration
- ha_cluster - support SBD fencing
- ha_cluster - add support for configuring bundle resources
- logging - Logging - RFE - support template, severity and facility options
- metrics - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]
- metrics - [RFE] add an option to the metrics role to enable postfix metric collection
- network - [RFE] Extend rhel-system-roles.network feature set to support routing rules
- network - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]
- postfix - consistently use ansible_managed in configuration files managed by role [rhel-8.7.0]
- postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-8.7.0]
Bug Fixes
- firewall - Firewall system role Ansible deprecation warning related to "include"
- kernel_settings - error configobj not found on RHEL 8.6 managed hosts [rhel-8.7.0]
- metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run [rhel-8.7.0]
- nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-8.7.0]
- network - bond: fix typo in supporting the infiniband ports in active-backup mode
- sshd - FIPS mode detection in SSHD role is wrong
- storage - RFE storage Less verbosity by default
- tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
[1.16.3] - 2022-04-07
New Features
- none
Bug Fixes
[1.16.2] - 2022-04-06
New Features
Bug Fixes
- none
[1.16.1] - 2022-03-29
New Features
Bug Fixes
- none
[1.16.0] - 2022-03-22
New Features
- network - consistently use ansible_managed in configuration files managed by role
- metrics - consistently use ansible_managed in configuration files managed by role
- postfix - consistently use ansible_managed in configuration files managed by role
- postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default
Bug Fixes
[1.15.1] - 2022-03-03
New Features
- none
Bug Fixes
- kernel_settings - error configobj not found on RHEL 8.6 managed hosts
- timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml
[1.15.0] - 2022-03-01
New Features
Bug Fixes
- metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
- firewall - ensure target changes take effect immediately
[1.14.0] - 2022-02-14
New Features
- network - [RFE] Add more bonding options to rhel-system-roles.network
- certificate - should consistently use ansible_managed in hook scripts
- tlog - consistently use ansible_managed in configuration files managed by role
- vpn - consistently use ansible_managed in configuration files managed by role
Bug Fixes
[1.13.1] - 2022-02-08
New Features
- none
Bug Fixes
- vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'
- kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.
[1.13.0] - 2022-02-01
New Features
- storage - RFE: Add support for RAID volumes (lvm-only)
- storage - RFE: Add support for cached volumes (lvm-only)
- nbde_client - NBDE client system role does not support servers with static IP addresses
- ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)
- network - RFE: Support Routing Tables in static routes in Network Role
Bug Fixes
- metrics - role can't be re-run if the Grafana admin password has been changed
- network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection
- network - Set DNS search setting only for enabled IP protocols
[1.12.0] - 2022-01-27
New Features
- none
Bug Fixes
- logging - Logging role "logging_purge_confs" option not properly working
- kernel_settings - role should use ansible_managed in its configuration file
[1.11.0] - 2022-01-20
New Features
- Support ansible-core 2.11+
- cockpit - Please include "cockpit" role
- ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure
Bug Fixes
- timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host
- logging - role missing quotes for immark module interval value
- kdump - kdump: support reboot required and reboot ok
- sshd - should detect FIPS mode and handle tasks correctly in FIPS mode
[1.10.0] - 2021-11-08
New Features
- cockpit - Please include "cockpit" role
- firewall - Ansible Roles for RHEL Firewall
- firewall - RFE: firewall-system-role: add ability to add-source
- firewall - RFE: firewall-system-role: allow user defined zones
- firewall - RFE: firewall-system-role: allow specifying the zone
- Support ansible-core 2.11+
- network - role: Allow to specify PCI address to configure profiles
- network - [RFE] support wifi Enhanced Open (OWE)
- network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)
- network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA
- logging - [RFE] logging - Add user and password
Bug Fixes
- Replace `# {{ ansible_managed }}` with `{{ ansible_managed | comment }}`
- logging - role missing quotes for immark module interval value
- logging - Logging - Performance improvement
- nbde_client - add regenerate-all to the dracut command
- certificate - certificates: "group" option keeps certificates inaccessible to the group
[1.7.3] - 2021-08-26
New Features
Bug Fixes
- none
[1.7.2] - 2021-08-24
New Features
- none
Bug Fixes
[1.7.1] - 2021-08-16
New Features
- none
Bug Fixes
[1.7.0] - 2021-08-12
New Features
Bug Fixes
[1.6.6] - 2021-08-06
New Features
Bug Fixes
- none
[1.6.2] - 2021-07-30
New Features
- none
Bug Fixes
[1.6.0] - 2021-07-28
New Features
Bug Fixes
- none
[1.5.0] - 2021-07-15
New Features
Bug Fixes
- none
[1.4.3] - 2021-07-15
New Features
Bug Fixes
- none
[1.4.2] - 2021-07-15
New Features
Bug Fixes
- none
[1.4.1] - 2021-07-09
New Features
- none
Bug Fixes
[1.4.0] - 2021-07-08
New Features
Bug Fixes
- none
[1.3.0] - 2021-06-23
New Features
- ha_cluster - RFE: add pacemaker resources configuration
- network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA
- storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)
- sshd - RFE: sshd - support for appending a snippet to configuration file
- timesync - RFE: timesync support for Network Time Security (NTS)
Bug Fixes
- postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section
- postfix - the postfix role is not idempotent
- selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8
- metrics - role task to enable logging for targeted hosts not working
- sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode
[1.2.3] - 2021-06-17
New Features
Bug Fixes
- none
[1.2.2] - 2021-06-15
New Features
Bug Fixes
[1.2.1] - 2021-05-21
New Features
- none
Bug Fixes
[1.2.0] - 2021-05-17
New Features
Bug Fixes
- postfix - postfix: Use FQRN in README
- postfix - Documentation error in rhel-system-roles postfix readme file
- storage - storage: calltrace observed when set type: partition for storage_pools
[1.1.0] - 2021-05-13
New Features
- timesync - [RFE] support for free form configuration for chrony
- timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter
- timesync - [RFE] support for ntp xleave, filter, and hw timestamping
- selinux - [RFE] Ability to install custom SELinux module via Ansible
- network - support for ipv6_disabled to disable ipv6 for address
- vpn - [RFE] Release Ansible role for vpn in rhel-system-roles
Bug Fixes
- Bug fixes for Collection/Automation Hub
- timesync - do not use ignore_errors in timesync role
- selinux - rhel-system-roles should not reload the SELinux policy if it's not changed
[1.0.0] - 2021-02-23
New Features
- network - RFE: [network] Support of DNS with options
- network - RFE: [network] Embrace Inclusive language
- ssh - [8.4] [RFE] Release Ansible role for ssh client in rhel-system-roles
- clusterha - [8.4] [RFE] Release Ansible role for cluster HA in rhel-system-roles
- logging - Logging - Support RELP secure transport in the logging role configuration
- metrics - [8.4] [RFE] add exporting-metric-data-to-elasticsearch functionality in the metrics role
- metrics - release SQL server configuration support in the metrics role
- [8.4] Package rhel-system-roles in the collection format in addition to the legacy role format
Bug Fixes
- logging - Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.
- storage - storage: omitted parameters on existing pool/volume is interpreted as "use the default"
- storage - storage: must list disks in order to identify an existing pool
- storage - storage: pool metadata usage must be accounted for by the user
- selinux - Merged fix incorrect default value (there is no variable named "present")
- storage - storage: tests_luks.yml partition case failed with nvme disk
[1.0] - 2021-01-15
New Features
- tlog - Add exclude_users and exclude_groups support
- crypto_policies - [8.4] [RFE] Release Ansible role for crypto policies in rhel-system-roles
- sshd - [8.4] [RFE] Release Ansible role for sshd in rhel-system-roles
- metrics - role should automate the setup of Grafana datasources
- network role: Support -K|--features|--offload ethtool options
- network role: Atomic changes
Bug Fixes
- storage - safe mode of storage role does not prevent accidentally losing data when toggling encryption on a volume, disk or pool
- storage - storage: ext2/3/4 resize function doesn't work
- logging - [logging role] cannot setup machine with tls
- certificate - role: The role is not idempotent in rhel7
- logging - Logging - Bug fixes
- logging - [logging role] support scenario for client without key/cert, just CA cert
- metrics - role incorrectly sets up multiple primary pmie processes in multi-host mode
- certificate - role cannot manage EL7 hosts
- network - [network] Support state:down persistent_state:absent for non-existent profile
- network - Creating active bonded interface fails with the initscripts provider
- logging - Logging role had performance issues
- certificate - role does not work on controller hosts which use jinja2 2.10
- nbde_client - fix idempotency, check_mode issues with nbde_client role
- storage - Storage role can remove existing filesystems and volume groups without warning
- network role: Minimize service disruption
- typo in selinux/tests/tests_selinux_disabled.yml: Invalid options for assert: mgs
- Check mode problems in rhel-system-roles
[0.6] - 2018-05-11
New Features
Bug Fixes
- none