d8824b8411
Resolves: RHEL-67411 : aide - New role aide to manage system integrity checking [rhel-10]
Resolves: RHEL-67412 : firewall - fix: Prevent interface definitions overriding 'changed' value when other elements are changed [rhel-10]
Resolves: RHEL-67286 : logging - [RFE] Add methods to define and set up custom templates in the logging role of RHEL systems roles [rhel-10]
Resolves: RHEL-67413 : metrics - fix: add support for Valkey [rhel-10]
Resolves: RHEL-67416 : network - Support autoconnect_retries in the network role [rhel-10]
Resolves: RHEL-67415 : network - Support may-fail in the network role [rhel-10]
Resolves: RHEL-67417 : podman - support the pod quadlet type [rhel-10]
Resolves: RHEL-67418 : postgresql - postgresql role: The postgresql_cert_name variable doesn't work with existing certificates [rhel-10]
Resolves: RHEL-67419 : sudo - feat: Add variable that handles semantic check for sudoers [rhel-10]
Resolves: RHEL-67420 : systemd - support management of user units [rhel-10]
Resolves: RHEL-67421 : vpn - no ansible-doc for redhat.rhel_system_roles.vpn_ipaddr [rhel-10]
42 KiB
Changelog
[1.90.0] - 2024-11-12
New Features
- aide - New role aide to manage system integrity checking [rhel-10]
- ha_cluster - [RFE] rhel_system_roles.ha_cluster - export corosync configuration
- logging - [RFE] Add methods to define and set up custom templates in the logging role of RHEL systems roles [rhel-10]
- network - Support autoconnect_retries in the network role [rhel-10]
- network - Support may-fail in the network role [rhel-10]
- podman - support the pod quadlet type [rhel-10]
- sudo - feat: Add variable that handles semantic check for sudoers [rhel-10]
- systemd - support management of user units [rhel-10]
Bug Fixes
- firewall - fix: Prevent interface definitions overriding 'changed' value when other elements are changed [rhel-10]
- metrics - fix: add support for Valkey [rhel-10]
- postgresql - postgresql role: The postgresql_cert_name variable doesn't work with existing certificates [rhel-10]
- vpn - no ansible-doc for redhat.rhel_system_roles.vpn_ipaddr [rhel-10]
[1.88.9] - 2024-09-13
New Features
- bootloader - bootloader role tests do not work on ostree [rhel-10]
- gfs2 - add gfs2 system role [rhel-10]
- ha_cluster - [RFE] rhel_system_roles.ha_cluster - ACL Support [rhel-10]
- ha_cluster - [RFE] make it easier to install cloud agents [rhel-10]
- ha_cluster - [RFE] ha_cluster_node_options allows per-node addresses and SBD options to be set [rhel-10]
- ha_cluster - [RFE] rhel_system_roles.ha_cluster - Utilization Support [rhel-10]
- ha_cluster - alerts support
- journald - feat: Add options for rate limit interval and burst [rhel-10]
- logging - RFE - system-roles - logging: Add truncate options for local file inputs
- logging - redhat.rhel_system_roles.logging role fails to process logging_outputs: of type: "custom"
- logging - [RFE] Add the umask settings or enable a variable in linux-system-roles.logging
- nbde_client - feat: Allow initrd configuration to be skipped
- network - support route src parameter
- podman - podman role should support containers-auth.json [rhel-10]
- podman - podman role should support default credentials and per-unit credentials [rhel-10]
- podman - feat: manage TLS cert/key files for registry connections and validate certs [rhel-10]
- postfix - feat: Added postfix_files feature as a simple means to add extra files/maps to config
- snapshot - feat: rewrite snapshot.py as an Ansible module / add support for thin origins
- ssh - feat: Add new configuration options and remove false positives in the test
- storage - Fingerprint storage RHEL System Role managed config files
- storage - [RFE] manage stratis [rhel-10]
- storage - [RHEL9][RFE] resize LVM PVs [rhel-10]
- sudo - Add sudo system role EL10
Bug Fixes
- package rhel-system-roles.noarch does not provide docs for ansible-doc [rhel-10]
- ad_integration - fix: Sets domain name lower case in realmd.conf section header [rhel-10]
- bootloader - fix: Set user.cfg path to /boot/grub2/ on EL 9 UEFI [rhel-10]
- cockpit - cockpit install all wildcard match does not work in newer el9
- ha_cluster - Fix inconsistent approach for multiple attributes.attrs in ha_cluster_node_options [rhel-10]
- ha_cluster - Fixes for new pcs and ansible
- kdump - [RHEL-10] rhel-system-roles should depend on kdump-utils
- kernel_settings - fix: Use tuned files instead of using it as a module
- logging - Setup imuxsock using rhel-system-roles.logging causing an error EL10
- network - Make sure that the network role CI is solid robust [rhel-10]
- network - Fix testing Failures due to connection.autoconnect-ports Unknown Property [rhel-10]
- podman - Create podman secret when skip_existing=True and it does not exist [rhel-10]
- podman - fix: proper cleanup for networks; ensure cleanup of resources
- podman - fix: grab name of network to remove from quadlet file
- podman - fix: use correct user for cancel linger file name [rhel-10]
- podman - fix: do not use become for changing hostdir ownership, and expose subuid/subgid info [rhel-10]
- podman - fails to configure and run containers with podman rootless using different username and groupname
- rhc - fix: drop usage of "auto_attach" of the "redhat_subscription" module
- sshd - second SSHD service broken [rhel-10]
- storage - [RHEL8] var unused_disks get different sector size disks [rhel-10]
- storage - rhel-system-role.storage is not idempotent [rhel-10]
[1.23.0] - 2024-01-15
New Features
- Use .README.html in spec instead of generating it
- RHEL for Edge support in system roles
- ad_integration - feat: Add sssd custom settings
- ad_integration - Enable AD dynamic DNS updates
- ad_integration - feat: add ad_integration_preserve_authselect_profile
- ad_integration - feat: Add SSSD parameters support
- bootloader - Create bootloader role (MVP)
- fapolicyd - feat: Import code for fapolicyd system role
- ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository
- ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options
- ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology
- ha_cluster - Setting cluster members attributes
- journald - feat: Add support for ForwardToSyslog
- logging - feat: Add support for the global config option preserveFQDN
- logging - feat: Add support for general queue and general action parameters
- metrics - [RFE] Metrics system role support for configuring PMIE webhooks
- network - Add blackhole type route
- postgresql - feat: Enable support for Postgresql 16
- rhc - support RHEL 7 managed nodes
- rhc - new rhc_insights.ansible_host parameter
- rhc - new rhc_insights.display_name parameter
- snapshot - New Role for storage snapshot management (lvm, etc.)
- sshd - ansible-sshd Manage SSH certificates
- storage - feat: Support for creating volumes without a FS
- storage - Basic support for creating shared logical volumes
Bug Fixes
- ha_cluster - high-availability firewall service is not added on qdevice node
- ha_cluster - Timeout issue between SBD with delay-start and systemd unit
- kdump - fix: retry read of kexec_crash_size
- keylime_server - won't detect registrar start failure
- logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size
- logging - fix: avoid conf of RatelimitBurst when RatelimitInterval is zero
- nbde_server - fix: Allow tangd socket override directory to be managed outside of the role
- network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero
- podman - fix: add no_log: true for tasks that can log secret data
- podman - fix: cast secret data to string in order to allow JSON valued strings
- podman - fix: name of volume quadlet service should be basename-volume.service
- podman - fix: user linger needed before secrets
- postgresql - unable to install PostgreSQL version 15 on RHEL
- selinux - fix: Use ignore_selinux_state module option
- selinux - fix: Print an error message when module to be created doesn't exist
- selinux - fix: no longer use "item" as a loop variable
[1.22.0] - 2023-08-15
New Features
- ALL - fingerprint in config files managed by roles
- ad_integration - add ad_integration_force_rejoin
- certificate - add mode parameter to change permissions for cert files
- firewall - missing module in linux-system-roles.firewall to create an ipset
- firewall - should have option to disable conflicting services
- ha_cluster - Add possibility to load SBD watchdog kernel modules
- ha_cluster - support for resource and operation defaults
- kdump - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump
- keylime_server - New role - system role for managing keylime servers
- network - Support no-aaaa DNS option
- network - Support configuring auto-dns setting
- podman - support quadlet units
- podman - allow container networking configuration
- podman - support for healthchecks and healthcheck actions
- podman - use getsubids to look for subuid, subgid for IdM support
- podman - allow to not pull images, continue if image pull fails
- postgresql - New role - system role for PostgreSQL management
- rhc - implement rhc_proxy.scheme
- selinux - use restorecon -T 0 on supported platforms
- ssh - add ssh_backup option with default true
- storage - mounted devices that are in use cannot be resized
- storage - support configuring the stripe size for RAID LVM volumes
- storage - user-specified mount point owner and permissions
- systemd - New role - system role for managing systemd units
Bug Fixes
- ALL - facts being gathered unnecessarily
- ad_integration - leaks credentials when in check_mode
- certificate - does not re-issue after updating key_size
- firewall - fix: reload on resetting to defaults
- firewall - Check mode fails with replacing previous rules
- firewall - Check mode fails when creating new firewall service
- firewall - Ansible RHEL firewall system role not idempotent when configuring the interface using the role in rhel9
- firewall - Don't install python(3)-firewall it's a dependency of firewalld
- firewall - fix: files: overwrite firewalld.conf on previous replaced
- kdump - use failure_action instead of default on EL9 and later
- kdump - "Write new authorized_keys if needed" task idempotency issues
- kdump - system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory
- kdump - fix: ensure .ssh directory exists for kdump_ssh_user on kdump_ssh_server
- kdump - fix: Ensure authorized_keys management works with multiple hosts
- podman - Podman system role: Unable to use podman_registries_conf to set unqualified-search-registries
- rhc - system role does not apply Insights tags
- storage - RAID volume pre cleanup - remove existing data from member disks as needed before creation
- storage - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size
- storage - fix: use stat.pw_name, stat.gr_name instead of owner, group
- tlog - use the proxy provider - the files provider is deprecated in sssd
[1.21.1] - 2023-03-16
New Features
Bug Fixes
- none
[1.21.0] - 2023-02-20
New Features
- ad_integration - New role - manage AD integration, join to AD domain
- cockpit - convert cockpit role to use firewall, selinux role, and certificate role
- ha_cluster - Allow quorum device configuration
- ha_cluster - convert ha_cluster role to use firewall, selinux and certificate role
- journald - New role - manage systemd-journald
- logging - convert logging role to use firewall, selinux role, and certificate role
- metrics - convert metrics role to use firewall and selinux role
- nbde_server - convert nbde_server role to use firewall and selinux role
- network - Support cloned MAC address
- network - Support setting the metric of the default route for initscripts provider
- network - Support the DNS priority
- network - Support looking up named route table in routing rule
- podman - New role - manage podman containers and systemd
- postfix - convert postfix role to use firewall and selinux role
- selinux - add support for the 'local' parameter
- vpn - Add parameters shared_key_content, ike, esp, type, leftid, rightid
- vpn - convert vpn role to use firewall and selinux role
Bug Fixes
- ha_cluster - use no_log in tasks looping over pot. secret parameters
- ha_cluster - Allow enabled SBD on disabled cluster
- ha_cluster - Fix stonith watchdog timeout
- nbde_client - must handle clevis-luks-askpass and clevis-luks-askpass@ systemd unit names
- nbde_client - nbde_client_clevis fails with a traceback and prints sensitive data
- network - should route traffic via correct bond
- selinux - managing modules is not idempotent
- sshd,ssh,timesync - Unexpected templating type error - expected str instance, int found
- tlog - Unconditionally enable the files provider
[1.20.1] - 2022-09-27
New Features
Bug Fixes
- none
[1.20.0] - 2022-08-05
New Features
- cockpit - Add customization of port
- firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID
- firewall - support for firewall_config - gather firewall facts
- logging - [RFE] Support startmsg.regex and endmsg.regex in the files inputs
- selinux - Added setting of seuser and selevel for completeness
Bug Fixes
- nbde_client - Sets proper spacing for parameter rd.neednet=1
- network - fix IPRouteUtils.get_route_tables_mapping() to accept any whitespace sequence
- ssh sshd - ssh, sshd: RSAMinSize parameter definition is missing
- storage - [RHEL9] [WARNING]: The loop variable 'storage_test_volume' is already in use. You should set the loop_var value in the loop_control option for the task to something else to avoid variable collisions and unexpected behavior.
[1.19.3] - 2022-07-01
New Features
- firewall - support add/modify/delete services
- network - [RFE] [network] Support managing the network through nmstate schema
- storage - support for adding/removing disks to/from storage pools
- storage - support for attaching cache volumes to existing volumes
Bug Fixes
- firewall - forward_port should accept list of string or list of dict
- metrics - document minimum supported redis version required by rhel-system-roles
- metrics - restart pmie, pmlogger if changed, do not wait for handler
- storage - [RHEL9] _storage_test_pool_pvs get wrong data type in test-verify-pool-members.yml
[1.19.2] - 2022-06-15
New Features
Bug Fixes
- none
[1.19.1] - 2022-06-13
New Features
- storage - support for creating and managing LVM thin pools/LVs
- All roles should support running with gather_facts: false
Bug Fixes
- none
[1.19.0] - 2022-06-06
New Features
- storage - support for creating and managing LVM thin pools/LVs
- firewall - state no longer required for masquerade and ICMP block inversion
Bug Fixes
[1.18.0] - 2022-05-02
New Features
- firewall - [Improvement] Allow System Role to reset to default Firewalld Settings
- metrics - [RFE] add an option to the metrics role to enable postfix metric collection
- network - Rework the infiniband support
- sshd - system role should not assume that RHEL 9 /etc/ssh/sshd_config has "Include > /etc/ssh/sshd_config.d/*.conf"
- sshd - system role should be able to optionally manage /etc/ssh/sshd_config on RHEL 9
Bug Fixes
[1.17.0] - 2022-04-25
New Features
- All roles should support running with gather_facts: false
- ha_cluster - support advanced corosync configuration
- ha_cluster - support SBD fencing
- ha_cluster - add support for configuring bundle resources
- logging - Logging - RFE - support template, severity and facility options
- metrics - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
- metrics - [RFE] add an option to the metrics role to enable postfix metric collection
- network - [RFE] Extend rhel-system-roles.network feature set to support routing rules
- postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default [rhel-9.1.0]
- storage - RFE storage Less verbosity by default
Bug Fixes
- firewall - Firewall system role Ansible deprecation warning related to "include"
- kernel_settings - error configobj not found on RHEL 8.6 managed hosts
- logging - tests fail during cleanup if no cloud-init on system
- metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
- nbde_client - NBDE client system role does not support servers with static IP addresses [rhel-9.1.0]
- network - bond: fix typo in supporting the infiniband ports in active-backup mode [rhel-9.1.0]
- network - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
- postfix - consistently use ansible_managed in configuration files managed by role [rhel-9.1.0]
- sshd - FIPS mode detection in SSHD role is wrong
- tlog - Tlog role - Enabling session recording configuration does not work due to RHEL9 SSSD files provider default
[1.16.3] - 2022-04-07
New Features
- none
Bug Fixes
[1.16.2] - 2022-04-06
New Features
Bug Fixes
- none
[1.16.1] - 2022-03-29
New Features
Bug Fixes
- none
[1.16.0] - 2022-03-22
New Features
- network - consistently use ansible_managed in configuration files managed by role
- metrics - consistently use ansible_managed in configuration files managed by role
- postfix - consistently use ansible_managed in configuration files managed by role
- postfix - Postfix RHEL System Role should provide the ability to replace config and reset configuration back to default
Bug Fixes
[1.15.1] - 2022-03-03
New Features
- none
Bug Fixes
- kernel_settings - error configobj not found on RHEL 8.6 managed hosts
- timesync - timesync: basic-smoke test failure in timesync/tests_ntp.yml
[1.15.0] - 2022-03-01
New Features
Bug Fixes
- metrics - Metrics role, with "metrics_from_mssql" option does not configure /var/lib/pcp/pmdas/mssql/mssql.conf on first run
- firewall - ensure target changes take effect immediately
[1.14.0] - 2022-02-21
New Features
- network - [RFE] Add more bonding options to rhel-system-roles.network
- certificate - should consistently use ansible_managed in hook scripts
- tlog - consistently use ansible_managed in configuration files managed by role
- vpn - consistently use ansible_managed in configuration files managed by role
Bug Fixes
[1.13.0] - 2022-02-14
New Features
- storage - RFE: Add support for RAID volumes (lvm-only)
- storage - RFE: Add support for cached volumes (lvm-only)
- nbde_client - NBDE client system role does not support servers with static IP addresses
- ha_cluster - [RFE] ha_cluster - Support for creating resource constraints (Location, Ordering, etc.)
- network - RFE: Support Routing Tables in static routes in Network Role
Bug Fixes
- metrics - role can't be re-run if the Grafana admin password has been changed
- network - Failure to activate connection: nm-manager-error-quark: No suitable device found for this connection
- network - Set DNS search setting only for enabled IP protocols
[1.12.1] - 2022-02-08
New Features
- none
Bug Fixes
- vpn - vpn: template error while templating string: no filter named 'vpn_ipaddr'
- kdump - kdump: Unable to start service kdump: Job for kdump.service failed because the control process exited with error code.
[1.12.0] - 2022-02-03
New Features
Bug Fixes
- logging - Logging role "logging_purge_confs" option not properly working
- kernel_settings - role should use ansible_managed in its configuration file
[1.11.0] - 2022-01-20
New Features
- Support ansible-core 2.11+
- cockpit - Please include "cockpit" role
- ssh - ssh/tests_all_options.yml: "assertion": "'StdinNull yes' in config.content | b64decode ", failure
Bug Fixes
- timesync - timesync: Failure related to missing ntp/ntpd package/service on RHEL-9 host
- logging - role missing quotes for immark module interval value
- kdump - kdump: support reboot required and reboot ok
- sshd - should detect FIPS mode and handle tasks correctly in FIPS mode
[1.10.0] - 2021-11-08
New Features
- cockpit - Please include "cockpit" role
- firewall - Ansible Roles for RHEL Firewall
- firewall - RFE: firewall-system-role: add ability to add-source
- firewall - RFE: firewall-system-role: allow user defined zones
- firewall - RFE: firewall-system-role: allow specifying the zone
- Support ansible-core 2.11+
- network - role: Allow to specify PCI address to configure profiles
- network - [RFE] support wifi Enhanced Open (OWE)
- network - [RFE] support WPA3 Simultaneous Authentication of Equals(SAE)
- network - [Network] RFE: Support ignoring default gateway retrieved by DHCP/IPv6-RA
- logging - [RFE] logging - Add user and password
Bug Fixes
- Replace # {{ ansible_managed }} with {{ ansible_managed | comment }}
- logging - role missing quotes for immark module interval value
- logging - Logging - Performance improvement
- nbde_client - add regenerate-all to the dracut command
- certificate - certificates: "group" option keeps certificates inaccessible to the group
[1.9.0] - 2021-10-26
New Features
Bug Fixes
[1.8.3] - 2021-08-26
New Features
Bug Fixes
- none
[1.8.2] - 2021-08-24
New Features
- none
Bug Fixes
[1.8.1] - 2021-08-16
New Features
- none
Bug Fixes
[1.8.0] - 2021-08-12
New Features
Bug Fixes
[1.7.5] - 2021-08-10
New Features
Bug Fixes
- none
[1.7.4] - 2021-08-06
New Features
- none
Bug Fixes
[1.7.0] - 2021-07-28
New Features
- logging - [RFE] logging - Add a support for list value to server_host in the elasticsearch output
- storage - [RFE] storage: support volume sizes as a percentage of pool
Bug Fixes
- none
[1.6.0] - 2021-07-15
New Features
Bug Fixes
- none
[1.5.0] - 2021-07-15
New Features
Bug Fixes
- none
[1.4.2] - 2021-07-15
New Features
Bug Fixes
- none
[1.4.1] - 2021-07-09
New Features
- none
Bug Fixes
[1.4.0] - 2021-07-08
New Features
Bug Fixes
- none
[1.3.0] - 2021-06-23
New Features
- storage - RFE: Request that VDO be added to the Ansible (redhat-system-roles)
- sshd - RFE: sshd - support for appending a snippet to configuration file
- timesync - RFE: timesync support for Network Time Security (NTS)
Bug Fixes
- postfix - Postfix RHEL system role README.md missing variables under the "Role Variables" section
- postfix - the postfix role is not idempotent
- selinux - task for semanage says Fedora in name but also runs on RHEL/CentOS 8
- metrics - role task to enable logging for targeted hosts not working
- sshd ssh - Unable to set sshd_hostkey_group and sshd_hostkey_mode
[1.2.3] - 2021-06-17
New Features
Bug Fixes
- none
[1.2.2] - 2021-06-15
New Features
- none
Bug Fixes
[1.2.1] - 2021-05-21
New Features
- none
Bug Fixes
[1.2.0] - 2021-05-21
New Features
Bug Fixes
- postfix - the postfix role is not idempotent
- postfix - postfix: Use FQRN in README
- postfix - Documentation error in rhel-system-roles postfix readme file
- storage - storage: calltrace observed when set type: partition for storage_pools
- ha_cluster - cannot read preshared key in binary format
[1.1.0] - 2021-05-13
New Features
- timesync - [RFE] support for free form configuration for chrony
- timesync - [RFE] support for timesync_max_distance to configure maxdistance/maxdist parameter
- timesync - [RFE] support for ntp xleave, filter, and hw timestamping
- selinux - [RFE] Ability to install custom SELinux module via Ansible
- network - support for ipv6_disabled to disable ipv6 for address
- vpn - [RFE] Release Ansible role for vpn in rhel-system-roles
Bug Fixes
- Bug fixes for Collection/Automation Hub
- timesync - do not use ignore_errors in timesync role
- selinux - rhel-system-roles should not reload the SELinux policy if its not changed
[0.6] - 2018-05-11
New Features
Bug Fixes
- none