Bug 2044640

Summary: RHEL System Roles should consistently use ansible_managed in configuration files it manages
Product: Red Hat Enterprise Linux 8 Reporter: Brian Smith <briasmit>
Component: rhel-system-rolesAssignee: Rich Megginson <rmeggins>
Status: CLOSED NEXTRELEASE QA Contact: CS System Management SST QE <rhel-cs-system-management-subsystem-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.5CC: nhosoi, spetrosi
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2047504 2054363 2054364 2054365 2057645 2057647 2057651 2057652 2057656 2057657 2057661 2057662 (view as bug list) Environment:
Last Closed: 2022-04-06 14:10:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2047504, 2047506, 2054363, 2054364, 2054365, 2054367, 2054368, 2054369, 2057645, 2057647, 2057651, 2057652, 2057656, 2057657, 2057661, 2057662, 2064690    

Description Brian Smith 2022-01-24 21:18:47 UTC 
Description of problem:
RHEL System Roles should consistently use ansible_managed to allow customers to customize the comment shown at the top of configuration files managed by RHEL System Roles.  Some roles do not use ansible_managed, or have hard coded comments.  For example, the kernel_settings role creates /etc/tuned/kernel_settings/tuned.conf with a hard coded comment.  


Version-Release number of selected component (if applicable):
rhel-system-roles-1.7.3-2.el8.noarch


Additional info:
This is likely not limited to the kernel_settings role.  All roles should be evaluated and updated as needed to use ansible_managed.  Any roles updated to use ansible_managed should refer to https://bugzilla.redhat.com/show_bug.cgi?id=2006230 to ensure multi-line ansible_managed comments are supported.
Comment 1 Rich Megginson 2022-01-25 02:46:04 UTC 
kernel_settings https://github.com/linux-system-roles/kernel_settings/pull/72
postfix - uses the `postconf` command to set configuration - so no template used to generate /etc/postfix/main.cf - we could use the "trick" developed by https://github.com/linux-system-roles/kernel_settings/pull/72/files#diff-3d0ff1709ca48add100327bb2a468e6c508fb92a159c64c4f99ad1df89d9bddeR79 to generate the ansible_managed value, then use something like `lineinfile` to ensure that value is in main.cf
logging - looks good, but need to confirm
vpn - needs ansible_managed
timesync - good
kdump - good
cockpit - good
ssh - good
ha_cluster - need to see if file format supports commenting
tlog - needs comments
certificate - not sure - says it generates scripts but I cannot find how
crypto_policies - good
firewall - good
metrics - needs comments - but this will involve changes to ansible-pcp
mssql - needs comments
nbde_client, nbde_server - uses json format - not sure about comments
network - needs comments
selinux - good
storage - I think /etc/crypttab is not "owned" by the role

in addition - there may be some of the roles that generate config files in a non-standard way (e.g. like postfix with postfix-conf - not using the template module or lookup) that we will have to do some more investigation to find out