Back to bug 2119102
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2022-08-17 14:38:49 UTC | Pool ID | sst_system_roles_rhel_9 | |
| RHEL Program Management | 2022-08-17 14:38:58 UTC | Keywords | Triaged | |
| Rich Megginson | 2022-08-17 14:40:11 UTC | Target Release | --- | 9.2 |
| Link ID | Github linux-system-roles/vpn/pull/65 | |||
| Doc Type | If docs needed, set a value | Enhancement | ||
| Rich Megginson | 2022-08-17 14:43:07 UTC | Flags | needinfo?(mteixeira) needinfo?(dueno) | |
| CC | dueno, mteixeira | |||
| Red Hat One Jira (issues.redhat.com) | 2022-08-17 14:48:51 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-131342 | |
| Rich Megginson | 2022-08-18 22:46:04 UTC | Status | NEW | POST |
| Rich Megginson | 2022-08-18 22:52:02 UTC | Doc Text | Feature: Add support for the following tunnel parameters: shared_key_content, ike, esp, ikelifetime, salifetime, retransmit_timeout, dpddelay, dpdtimeout, dpdaction, leftupdown. Add support for the following per-host parameters: leftid, rightid. Reason: Some network devices require quite a bit of IPSec customization in order to work properly, so the vpn role needs to allow users to set those parameters. Note that most users will never have to set these. They should only be set by knowledgeable users. shared_key_content should be encrypted using Ansible Vault. Result: Users can use the vpn role to configure IPSec connectivity to a wide range of network devices. | |
| Flags | needinfo?(mteixeira) needinfo?(dueno) | |||
| Rich Megginson | 2022-08-18 22:52:47 UTC | Blocks | 2119600 | |
| Rich Megginson | 2022-11-21 22:04:12 UTC | CC | djez, efedin | |
| Flags | needinfo?(djez) needinfo?(efedin) | |||
| Evgeny Fedin | 2022-11-23 12:08:54 UTC | Fixed In Version | rhel-system-roles-1.21.0-0.5.el9 | |
| Flags | needinfo?(efedin) | |||
| Evgeny Fedin | 2022-11-23 12:09:54 UTC | QA Contact | rhel-cs-system-management-subsystem-qe | efedin |
| Rich Megginson | 2022-11-23 17:37:02 UTC | Status | POST | MODIFIED |
| errata-xmlrpc | 2022-11-23 17:39:11 UTC | Status | MODIFIED | ON_QA |
| Evgeny Fedin | 2023-01-13 12:40:11 UTC | Status | ON_QA | VERIFIED |
| Lucie Vařáková | 2023-02-13 14:16:39 UTC | Docs Contact | jafiala | |
| Jan Fiala | 2023-03-09 14:29:30 UTC | Flags | needinfo?(rmeggins) | |
| Doc Text | Feature: Add support for the following tunnel parameters: shared_key_content, ike, esp, ikelifetime, salifetime, retransmit_timeout, dpddelay, dpdtimeout, dpdaction, leftupdown. Add support for the following per-host parameters: leftid, rightid. Reason: Some network devices require quite a bit of IPSec customization in order to work properly, so the vpn role needs to allow users to set those parameters. Note that most users will never have to set these. They should only be set by knowledgeable users. shared_key_content should be encrypted using Ansible Vault. Result: Users can use the vpn role to configure IPSec connectivity to a wide range of network devices. | .The `vpn` RHEL System Role supports parameters for IPSec customization Because some network devices require IPSec customization, the following parameters were added to the `vpn` RHEL System Role: * Tunnel parameters: ** `shared_key_content` ** `ike` ** `esp` ** `ikelifetime` ** `salifetime` ** `retransmit_timeout` ** `dpddelay` ** `dpdtimeout` ** `dpdaction` ** `leftupdown` * Per-host parameters: * `leftid` * `rightid` As a result, you can use the `vpn` role to configure IPSec connectivity to various types of network devices. NOTE: In most use cases, you do not need to set these parameters. These parameters should be set only by experienced users. If you set `shared_key_content`, encrypt it by using Ansible Vault. |
||
| Rich Megginson | 2023-03-09 17:27:48 UTC | Flags | needinfo?(rmeggins) | |
| Red Hat Bugzilla | 2023-04-02 08:27:46 UTC | CC | nhosoi | |
| errata-xmlrpc | 2023-05-09 00:29:01 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2023-05-09 07:37:53 UTC | Resolution | --- | ERRATA |
| Status | RELEASE_PENDING | CLOSED | ||
| Last Closed | 2023-05-09 07:37:53 UTC | |||
| errata-xmlrpc | 2023-05-09 07:38:21 UTC | Link ID | Red Hat Product Errata RHEA-2023:2246 | |
| Pasi Karkkainen | 2023-05-14 13:28:07 UTC | CC | pasik | |
| Jan Fiala | 2023-05-15 09:24:43 UTC | Doc Text | .The `vpn` RHEL System Role supports parameters for IPSec customization Because some network devices require IPSec customization, the following parameters were added to the `vpn` RHEL System Role: * Tunnel parameters: ** `shared_key_content` ** `ike` ** `esp` ** `ikelifetime` ** `salifetime` ** `retransmit_timeout` ** `dpddelay` ** `dpdtimeout` ** `dpdaction` ** `leftupdown` * Per-host parameters: * `leftid` * `rightid` As a result, you can use the `vpn` role to configure IPSec connectivity to various types of network devices. NOTE: In most use cases, you do not need to set these parameters. These parameters should be set only by experienced users. If you set `shared_key_content`, encrypt it by using Ansible Vault. | .New IPsec customization parameters for the `vpn` RHEL System Role Because certain network devices require IPsec customization to work correctly, the following parameters have been added to the `vpn` RHEL System Role: [IMPORTANT] ==== Do not change the following parameters without advanced knowledge. Most scenarios do not require their customization. Furthermore, for security reasons, encrypt a value of the `shared_key_content` parameter by using Ansible Vault. ==== * Tunnel parameters: ** `shared_key_content` ** `ike` ** `esp` ** `ikelifetime` ** `salifetime` ** `retransmit_timeout` ** `dpddelay` ** `dpdtimeout` ** `dpdaction` ** `leftupdown` * Per-host parameters: * `leftid` * `rightid` As a result, you can use the `vpn` role to configure IPsec connectivity to a wide range of network devices. |
| David Jež | 2023-06-12 15:21:07 UTC | Flags | needinfo?(djez) | |
| Lenka Špačková | 2023-08-03 12:20:40 UTC | Doc Text | .New IPsec customization parameters for the `vpn` RHEL System Role Because certain network devices require IPsec customization to work correctly, the following parameters have been added to the `vpn` RHEL System Role: [IMPORTANT] ==== Do not change the following parameters without advanced knowledge. Most scenarios do not require their customization. Furthermore, for security reasons, encrypt a value of the `shared_key_content` parameter by using Ansible Vault. ==== * Tunnel parameters: ** `shared_key_content` ** `ike` ** `esp` ** `ikelifetime` ** `salifetime` ** `retransmit_timeout` ** `dpddelay` ** `dpdtimeout` ** `dpdaction` ** `leftupdown` * Per-host parameters: * `leftid` * `rightid` As a result, you can use the `vpn` role to configure IPsec connectivity to a wide range of network devices. | .New IPsec customization parameters for the `vpn` RHEL System Role Because certain network devices require IPsec customization to work correctly, the following parameters have been added to the `vpn` RHEL System Role: [IMPORTANT] ==== Do not change the following parameters without advanced knowledge. Most scenarios do not require their customization. Furthermore, for security reasons, encrypt a value of the `shared_key_content` parameter by using Ansible Vault. ==== * Tunnel parameters: ** `shared_key_content` ** `ike` ** `esp` ** `ikelifetime` ** `salifetime` ** `retransmit_timeout` ** `dpddelay` ** `dpdtimeout` ** `dpdaction` ** `leftupdown` * Per-host parameters: ** `leftid` ** `rightid` As a result, you can use the `vpn` role to configure IPsec connectivity to a wide range of network devices. |
Back to bug 2119102