rhel-system-roles/CHANGELOG.md

Changelog

[1.22.0-0.13] - 2023-06-23

New Features

• ssh - add ssh_backup option with default true

Bug Fixes

• firewall - Don't install python(3)-firewall it's a dependency of firewalld

[1.22.0-0.12] - 2023-06-22

New Features

• storage - Storage: mounted devices that are in use cannot be resized

Bug Fixes

• none

[1.22.0-0.11] - 2023-06-20

New Features

• kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump

Bug Fixes

• none

[1.22.0-0.10] - 2023-06-07

New Features

• ad_integration - add ad_integration_force_rejoin

Bug Fixes

• none

[1.22.0-0.9] - 2023-06-06

New Features

• network - Support configuring auto-dns setting
• rhc - implement rhc_proxy.scheme
• selinux - use restorecon -T 0 on supported platforms
• storage - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes

Bug Fixes

• none

[1.22.0-0.8] - 2023-05-30

New Features

• storage - [RFE] user-specified mount point owner and permissions

Bug Fixes

• storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size

[1.22.0-0.7] - 2023-05-23

New Features

• none

Bug Fixes

• rhc - system role does not apply Insights tags
• tlog - use the proxy provider - the files provider is deprecated in sssd

[1.22.0-0.6] - 2023-05-04

New Features

• fingerprint in config files managed by roles
• ha_cluster - Add possibility to load SBD watchdog kernel modules
• ha_cluster - support for resource and operation defaults
• postgresql - [RFE] system role for PostgreSQL management

Bug Fixes

• none

[1.21.1] - 2023-03-16

New Features

• rhc - New Role - Red Hat subscription management, insights management

Bug Fixes

• none

[1.21.0] - 2023-02-20

New Features

• ad_integration - New role - manage AD integration, join to AD domain
• cockpit - convert cockpit role to use firewall, selinux role, and certificate role
• ha_cluster - Allow quorum device configuration
• ha_cluster - convert ha_cluster role to use firewall, selinux and certificate role
• journald - New role - manage systemd-journald
• logging - convert logging role to use firewall, selinux role, and certificate role
• metrics - convert metrics role to use firewall and selinux role
• nbde_server - convert nbde_server role to use firewall and selinux role
• network - Support cloned MAC address
• network - Support setting the metric of the default route for initscripts provider
• network - Support the DNS priority
• network - Support looking up named route table in routing rule
• podman - New role - manage podman containers and systemd
• postfix - convert postfix role to use firewall and selinux role
• selinux - add support for the 'local' parameter
• vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
• vpn - convert vpn role to use firewall and selinux role

Bug Fixes

• ha_cluster - use no_log in tasks looping over pot. secret parameters
• ha_cluster - Allow enabled SBD on disabled cluster
• ha_cluster - Fix stonith watchdog timeout
• nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names
• nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
• network - should route traffic via correct bond
• selinux - managing modules is not idempotent
• sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
• tlog - Unconditionally enable the files provider

[1.20.1] - 2022-09-27

New Features

• ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles

Bug Fixes

• none

[1.20.0] - 2022-08-05

New Features

• cockpit - Add customization of port
• firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
• firewall - support for firewall_config - gather firewall facts
• logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
• selinux - Added setting of seuser and selevel for completeness

Bug Fixes

• nbde_client - Sets proper spacing for parameter rd.neednet=1
• network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
• ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
• storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the loop_var value in the loop_control option for the task to something else to avoid variable collisions and unexpected behavior.

[1.19.3] - 2022-07-01

New Features

• firewall - support add/modify/delete services
• network - [RFE] [network] Support managing the network through nmstate schema
• storage - support for adding/removing disks to/from storage pools
• storage - support for attaching cache volumes to existing volumes

Bug Fixes

• firewall - forward_port should accept list of string or list of dict
• metrics - document minimum supported redis version required by rhel-system-roles
• metrics - restart pmie, pmlogger if changed, do not wait for handler
• storage - [RHEL9] _storage_test_pool_pvs get wrong data type in test-verify-pool-members.yml

[1.19.2] - 2022-06-15

New Features

• sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9

Bug Fixes

• none

[1.19.1] - 2022-06-13

New Features

• storage - support for creating and managing LVM thin pools/LVs
• All roles should support running with gather_facts: false

Bug Fixes

• none

[1.19.0] - 2022-06-06

New Features

• storage - support for creating and managing LVM thin pools/LVs
• firewall - state no longer required for masquerade and ICMP block inversion

Bug Fixes

• storage - role raid_level "striped" is not supported

[1.18.0] - 2022-05-02

New Features

• firewall - [Improvement] Allow System Role to reset to default Firewalld Settings
• metrics - [RFE] add an option to the metrics role to enable postfix metric collection
• network - Rework the infiniband support
• sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
• sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9

Bug Fixes

• storage - role cannot set mount_options for volumes

[1.17.0] - 2022-04-25

New Features

• All roles should support running with gather_facts: false
• ha_cluster - support advanced corosync configuration
• ha_cluster - support SBD fencing
• ha_cluster - add support for configuring bundle resources
• logging - Logging - RFE - support template, severity and facility options
• metrics - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
• metrics - [RFE] add an option to the metrics role to enable postfix metric collection
• network - [RFE] Extend rhel-system-roles.network feature set to support routing rules
• postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-9.1.0]
• storage - RFE storage Less verbosity by default

Bug Fixes

• firewall - Firewall system role Ansible deprecation warning related to "include"
• kernel_settings - error configobj not found on RHEL 8.6 managed hosts
• logging - tests fail during cleanup if no cloud-init on system
• metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
• nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-9.1.0]
• network - bond: fix typo in supporting the infiniband ports in active-backup mode [rhel-9.1.0]
• network - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
• postfix - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
• sshd - FIPS mode detection in SSHD role is wrong
• tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default

[1.16.3] - 2022-04-07

New Features

• none

Bug Fixes

• tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default

[1.16.2] - 2022-04-06

New Features

• nbde_client - NBDE client system role does not support servers with static IP addresses

Bug Fixes

• none

[1.16.1] - 2022-03-29

New Features

• nbde_client - NBDE client system role does not support servers with static IP addresses

Bug Fixes

• none

[1.16.0] - 2022-03-22

New Features

• network - consistently use ansible_managed in configuration files managed by role
• metrics - consistently use ansible_managed in configuration files managed by role
• postfix - consistently use ansible_managed in configuration files managed by role
• postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default

Bug Fixes

• network - bond: fix typo in supporting the infiniband ports in active-backup mode

[1.15.1] - 2022-03-03

New Features

• none

Bug Fixes

• kernel_settings - error configobj not found on RHEL 8.6 managed hosts
• timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml

[1.15.0] - 2022-03-01

New Features

• firewall - [RFE] - Firewall RHEL System Role should be able to set default zone

Bug Fixes

• metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
• firewall - ensure target changes take effect immediately

[1.14.0] - 2022-02-21

New Features

• network - [RFE] Add more bonding options to rhel-system-roles.network
• certificate - should consistently use ansible_managed in hook scripts
• tlog - consistently use ansible_managed in configuration files managed by role
• vpn - consistently use ansible_managed in configuration files managed by role

Bug Fixes

• ha_cluster - set permissions for haclient group

[1.13.0] - 2022-02-14

New Features

• storage - RFE: Add support for RAID volumes (lvm-only)
• storage - RFE: Add support for cached volumes (lvm-only)
• nbde_client - NBDE client system role does not support servers with static IP addresses
• ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)
• network - RFE: Support Routing Tables in static routes in Network Role

Bug Fixes

• metrics - role can't be re-run if the Grafana admin password has been changed
• network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection
• network - Set DNS search setting only for enabled IP protocols

[1.12.1] - 2022-02-08

New Features

• none

Bug Fixes

• vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'
• kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.

[1.12.0] - 2022-02-03

New Features

• Support ansible-core 2.11+

Bug Fixes

• logging - Logging role "logging_purge_confs" option not properly working
• kernel_settings - role should use ansible_managed in its configuration file

[1.11.0] - 2022-01-20

New Features

• Support ansible-core 2.11+
• cockpit - Please include "cockpit" role
• ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure

Bug Fixes

• timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host
• logging - role missing quotes for immark module interval value
• kdump - kdump: support reboot required and reboot ok
• sshd - should detect FIPS mode and handle tasks correctly in FIPS mode

[1.10.0] - 2021-11-08

New Features

• cockpit - Please include "cockpit" role
• firewall - Ansible Roles for RHEL Firewall
• firewall - RFE: firewall-system-role: add ability to add-source
• firewall - RFE: firewall-system-role: allow user defined zones
• firewall - RFE: firewall-system-role: allow specifying the zone
• Support ansible-core 2.11+
• network - role: Allow to specify PCI address to configure profiles
• network - [RFE] support wifi Enhanced Open (OWE)
• network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)
• network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA
• logging - [RFE] logging - Add user and password

Bug Fixes

• Replace # {{ ansible_managed }} with {{ ansible_managed | comment }}
• logging - role missing quotes for immark module interval value
• logging - Logging - Performance improvement
• nbde_client - add regenerate-all to the dracut command
• certificate - certificates: "group" option keeps certificates inaccessible to the group

[1.9.0] - 2021-10-26

New Features

• logging - [RFE] logging - Add user and password

Bug Fixes

• Replace # {{ ansible_managed }} with {{ ansible_managed | comment }}

[1.8.3] - 2021-08-26

New Features

• storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)

Bug Fixes

• none

[1.8.2] - 2021-08-24

New Features

• none

Bug Fixes

• logging - Update the certificates copy tasks

[1.8.1] - 2021-08-16

New Features

• none

Bug Fixes

• metrics - role: the bpftrace role does not properly configure bpftrace agent

[1.8.0] - 2021-08-12

New Features

• drop support for Ansible 2.8

Bug Fixes

• sshd - sshd: failed to validate: error:Missing Match criteria for all Bad Match condition

[1.7.5] - 2021-08-10

New Features

• logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output

Bug Fixes

• none

[1.7.4] - 2021-08-06

New Features

• none

Bug Fixes

• metrics - role: Grafana dashboard not working after metrics role run unless services manually restarted

[1.7.0] - 2021-07-28

New Features

• logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output
• storage - [RFE] storage: support volume sizes as a percentage of pool

Bug Fixes

• none

[1.6.0] - 2021-07-15

New Features

• ha_cluster - RFE: ha_cluster - add pacemaker cluster properties configuration

Bug Fixes

• none

[1.5.0] - 2021-07-15

New Features

• crypto_policies - rename 'policy modules' to 'subpolicies'

Bug Fixes

• none

[1.4.2] - 2021-07-15

New Features

• storage - storage: relabel doesn't support

Bug Fixes

• none

[1.4.1] - 2021-07-09

New Features

• none

Bug Fixes

• network - Re-running the network system role results in "changed: true" when nothing has actually changed

[1.4.0] - 2021-07-08

New Features

• storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)

Bug Fixes

• none

[1.3.0] - 2021-06-23

New Features

• storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)
• sshd - RFE: sshd - support for appending a snippet to configuration file
• timesync - RFE: timesync support for Network Time Security (NTS)

Bug Fixes

• postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section
• postfix - the postfix role is not idempotent
• selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8
• metrics - role task to enable logging for targeted hosts not working
• sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode

[1.2.3] - 2021-06-17

New Features

• main.yml: Add EL 9 support for all roles

Bug Fixes

• none

[1.2.2] - 2021-06-15

New Features

• none

Bug Fixes

• Internal links in README.md are broken

[1.2.1] - 2021-05-21

New Features

• none

Bug Fixes

• Internal links in README.md are broken

[1.2.0] - 2021-05-21

New Features

• network - role: Support ethtool -G|--set-ring options

Bug Fixes

• postfix - the postfix role is not idempotent
• postfix - postfix: Use FQRN in README
• postfix - Documentation error in rhel-system-roles postfix readme file
• storage - storage: calltrace observed when set type: partition for storage_pools
• ha_cluster - cannot read preshared key in binary format

[1.1.0] - 2021-05-13

New Features

• timesync - [RFE] support for free form configuration for chrony
• timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter
• timesync - [RFE] support for ntp xleave, filter, and hw timestamping
• selinux - [RFE] Ability to install custom SELinux module via Ansible
• network - support for ipv6_disabled to disable ipv6 for address
• vpn - [RFE] Release Ansible role for vpn in rhel-system-roles

Bug Fixes

• Bug fixes for Collection/Automation Hub
• timesync - do not use ignore_errors in timesync role
• selinux - rhel-system-roles should not reload the SELinux policy if its not changed

[0.6] - 2018-05-11

New Features

• RFE: Ansible rhel-system-roles.network: add ETHTOOL_OPTS, LINKDELAY, IPV4_FAILURE_FATAL

Bug Fixes

• none