2047504 – kernel_settings role should use ansible_managed in its configuration file

Bug 2047504 - kernel_settings role should use ansible_managed in its configuration file

Summary: kernel_settings role should use ansible_managed in its configuration file

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Deadline:	2022-02-08
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	rhel-system-roles
Sub Component:
Version:	8.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.6
Assignee:	Rich Megginson
QA Contact:	David Jež
Docs Contact:	Jaroslav Klech
URL:
Whiteboard:	role:kernel_settings
Depends On:	2044640 2054363 2054364 2054365 2054367 2054368 2054369 2057645 2057647 2057651 2057652 2057656 2057657 2057661 2057662 2064690
Blocks:	2047506
TreeView+	depends on / blocked

Reported:	2022-01-27 23:01 UTC by Rich Megginson
Modified:	2022-05-10 14:39 UTC (History)
CC List:	8 users (show)
Fixed In Version:	rhel-system-roles-1.12.0-1.el8
Doc Type:	Bug Fix
Doc Text:	.The `/etc/tuned/kernel_settings/tuned.conf` file has a proper `ansible_managed` header Previously, the Kernel settings RHEL System Role had a hard-coded value for the `ansible_managed` header in the `/etc/tuned/kernel_settings/tuned.conf` file. Consequently, users could not provide their custom `ansible_managed` header. In this update, the problem has been fixed so that `kernel_settings` updates the header of `/etc/tuned/kernel_settings/tuned.conf` with user's `ansible_managed` setting. As a result, `/etc/tuned/kernel_settings/tuned.conf` has a proper `ansible_managed` header.
Clone Of:	2044640
Clones:	2047506 (view as bug list)
Environment:
Last Closed:	2022-05-10 14:12:50 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	linux-system-roles kernel_settings pull 72	None	Merged	make tuned.conf have correct ansible_managed comment	2022-01-27 23:01:45 UTC
Red Hat Issue Tracker	RHELPLAN-110122	None	None	None	2022-01-27 23:02:40 UTC
Red Hat Product Errata	RHBA-2022:1896	None	None	None	2022-05-10 14:13:03 UTC

Description Rich Megginson 2022-01-27 23:01:45 UTC

+++ This bug was initially created as a clone of Bug #2044640 +++

Description of problem:
RHEL System Roles should consistently use ansible_managed to allow customers to customize the comment shown at the top of configuration files managed by RHEL System Roles.  Some roles do not use ansible_managed, or have hard coded comments.  For example, the kernel_settings role creates /etc/tuned/kernel_settings/tuned.conf with a hard coded comment.  


Version-Release number of selected component (if applicable):
rhel-system-roles-1.7.3-2.el8.noarch


Additional info:
This is likely not limited to the kernel_settings role.  All roles should be evaluated and updated as needed to use ansible_managed.  Any roles updated to use ansible_managed should refer to https://bugzilla.redhat.com/show_bug.cgi?id=2006230 to ensure multi-line ansible_managed comments are supported.

--- Additional comment from Rich Megginson on 2022-01-25 02:46:04 UTC ---

kernel_settings https://github.com/linux-system-roles/kernel_settings/pull/72
postfix - uses the `postconf` command to set configuration - so no template used to generate /etc/postfix/main.cf - we could use the "trick" developed by https://github.com/linux-system-roles/kernel_settings/pull/72/files#diff-3d0ff1709ca48add100327bb2a468e6c508fb92a159c64c4f99ad1df89d9bddeR79 to generate the ansible_managed value, then use something like `lineinfile` to ensure that value is in main.cf
logging - looks good, but need to confirm
vpn - needs ansible_managed
timesync - good
kdump - good
cockpit - good
ssh - good
ha_cluster - need to see if file format supports commenting
tlog - needs comments
certificate - not sure - says it generates scripts but I cannot find how
crypto_policies - good
firewall - good
metrics - needs comments - but this will involve changes to ansible-pcp
mssql - needs comments
nbde_client, nbde_server - uses json format - not sure about comments
network - needs comments
selinux - good
storage - I think /etc/crypttab is not "owned" by the role

in addition - there may be some of the roles that generate config files in a non-standard way (e.g. like postfix with postfix-conf - not using the template module or lookup) that we will have to do some more investigation to find out


For the kernel_settings role, the role should update the ansible_managed header in /etc/tuned/kernel_settings/tuned.conf when ansible_managed has changed

Steps:
1) run the kernel_settings role with some values
2) create ansible.cfg in the current directory like this:

[defaults]
ansible_managed = my
 ansible
 managed
 value

3) run the kernel_settings role again with the same values
4) verify that /etc/tuned/kernel_settings/tuned.conf has a header like this:

#
# my
# ansible
# managed
# value
#

Comment 12 errata-xmlrpc 2022-05-10 14:12:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1896

Note You need to log in before you can comment on or make changes to this bug.