Bug 2047504 - kernel_settings role should use ansible_managed in its configuration file
Summary: kernel_settings role should use ansible_managed in its configuration file
Alias: None
Deadline: 2022-02-08
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: rhel-system-roles
Version: 8.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.6
Assignee: Rich Megginson
QA Contact: David Jež
Jaroslav Klech
Whiteboard: role:kernel_settings
Depends On: 2044640 2054363 2054364 2054365 2054367 2054368 2054369 2057645 2057647 2057651 2057652 2057656 2057657 2057661 2057662 2064690
Blocks: 2047506
TreeView+ depends on / blocked
Reported: 2022-01-27 23:01 UTC by Rich Megginson
Modified: 2022-05-10 14:39 UTC (History)
8 users (show)

Fixed In Version: rhel-system-roles-1.12.0-1.el8
Doc Type: Bug Fix
Doc Text:
.The `/etc/tuned/kernel_settings/tuned.conf` file has a proper `ansible_managed` header Previously, the Kernel settings RHEL System Role had a hard-coded value for the `ansible_managed` header in the `/etc/tuned/kernel_settings/tuned.conf` file. Consequently, users could not provide their custom `ansible_managed` header. In this update, the problem has been fixed so that `kernel_settings` updates the header of `/etc/tuned/kernel_settings/tuned.conf` with user's `ansible_managed` setting. As a result, `/etc/tuned/kernel_settings/tuned.conf` has a proper `ansible_managed` header.
Clone Of: 2044640
: 2047506 (view as bug list)
Last Closed: 2022-05-10 14:12:50 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github linux-system-roles kernel_settings pull 72 0 None Merged make tuned.conf have correct ansible_managed comment 2022-01-27 23:01:45 UTC
Red Hat Issue Tracker RHELPLAN-110122 0 None None None 2022-01-27 23:02:40 UTC
Red Hat Product Errata RHBA-2022:1896 0 None None None 2022-05-10 14:13:03 UTC

Description Rich Megginson 2022-01-27 23:01:45 UTC
+++ This bug was initially created as a clone of Bug #2044640 +++

Description of problem:
RHEL System Roles should consistently use ansible_managed to allow customers to customize the comment shown at the top of configuration files managed by RHEL System Roles.  Some roles do not use ansible_managed, or have hard coded comments.  For example, the kernel_settings role creates /etc/tuned/kernel_settings/tuned.conf with a hard coded comment.  

Version-Release number of selected component (if applicable):

Additional info:
This is likely not limited to the kernel_settings role.  All roles should be evaluated and updated as needed to use ansible_managed.  Any roles updated to use ansible_managed should refer to https://bugzilla.redhat.com/show_bug.cgi?id=2006230 to ensure multi-line ansible_managed comments are supported.

--- Additional comment from Rich Megginson on 2022-01-25 02:46:04 UTC ---

kernel_settings https://github.com/linux-system-roles/kernel_settings/pull/72
postfix - uses the `postconf` command to set configuration - so no template used to generate /etc/postfix/main.cf - we could use the "trick" developed by https://github.com/linux-system-roles/kernel_settings/pull/72/files#diff-3d0ff1709ca48add100327bb2a468e6c508fb92a159c64c4f99ad1df89d9bddeR79 to generate the ansible_managed value, then use something like `lineinfile` to ensure that value is in main.cf
logging - looks good, but need to confirm
vpn - needs ansible_managed
timesync - good
kdump - good
cockpit - good
ssh - good
ha_cluster - need to see if file format supports commenting
tlog - needs comments
certificate - not sure - says it generates scripts but I cannot find how
crypto_policies - good
firewall - good
metrics - needs comments - but this will involve changes to ansible-pcp
mssql - needs comments
nbde_client, nbde_server - uses json format - not sure about comments
network - needs comments
selinux - good
storage - I think /etc/crypttab is not "owned" by the role

in addition - there may be some of the roles that generate config files in a non-standard way (e.g. like postfix with postfix-conf - not using the template module or lookup) that we will have to do some more investigation to find out

For the kernel_settings role, the role should update the ansible_managed header in /etc/tuned/kernel_settings/tuned.conf when ansible_managed has changed

1) run the kernel_settings role with some values
2) create ansible.cfg in the current directory like this:

ansible_managed = my

3) run the kernel_settings role again with the same values
4) verify that /etc/tuned/kernel_settings/tuned.conf has a header like this:

# my
# ansible
# managed
# value

Comment 12 errata-xmlrpc 2022-05-10 14:12:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.