+++ This bug was initially created as a clone of Bug #2044640 +++
Description of problem:
RHEL System Roles should consistently use ansible_managed to allow customers to customize the comment shown at the top of configuration files managed by RHEL System Roles. Some roles do not use ansible_managed, or have hard coded comments. For example, the kernel_settings role creates /etc/tuned/kernel_settings/tuned.conf with a hard coded comment.
Version-Release number of selected component (if applicable):
This is likely not limited to the kernel_settings role. All roles should be evaluated and updated as needed to use ansible_managed. Any roles updated to use ansible_managed should refer to https://bugzilla.redhat.com/show_bug.cgi?id=2006230 to ensure multi-line ansible_managed comments are supported.
--- Additional comment from Rich Megginson on 2022-01-25 02:46:04 UTC ---
postfix - uses the `postconf` command to set configuration - so no template used to generate /etc/postfix/main.cf - we could use the "trick" developed by https://github.com/linux-system-roles/kernel_settings/pull/72/files#diff-3d0ff1709ca48add100327bb2a468e6c508fb92a159c64c4f99ad1df89d9bddeR79 to generate the ansible_managed value, then use something like `lineinfile` to ensure that value is in main.cf
logging - looks good, but need to confirm
vpn - needs ansible_managed
timesync - good
kdump - good
cockpit - good
ssh - good
ha_cluster - need to see if file format supports commenting
tlog - needs comments
certificate - not sure - says it generates scripts but I cannot find how
crypto_policies - good
firewall - good
metrics - needs comments - but this will involve changes to ansible-pcp
mssql - needs comments
nbde_client, nbde_server - uses json format - not sure about comments
network - needs comments
selinux - good
storage - I think /etc/crypttab is not "owned" by the role
in addition - there may be some of the roles that generate config files in a non-standard way (e.g. like postfix with postfix-conf - not using the template module or lookup) that we will have to do some more investigation to find out
For the kernel_settings role, the role should update the ansible_managed header in /etc/tuned/kernel_settings/tuned.conf when ansible_managed has changed
1) run the kernel_settings role with some values
2) create ansible.cfg in the current directory like this:
ansible_managed = my
3) run the kernel_settings role again with the same values
4) verify that /etc/tuned/kernel_settings/tuned.conf has a header like this:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.