RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2054367 - tlog - consistently use ansible_managed in configuration files managed by role
Summary: tlog - consistently use ansible_managed in configuration files managed by role
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2022-02-22
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: rhel-system-roles
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 9.0
Assignee: Rich Megginson
QA Contact: Jakub Haruda
Eliane Ramos Pereira
URL:
Whiteboard: role:tlog
Depends On: 2044640 2054363 2054364 2054365 2054368 2054369 2057645 2057647 2057651 2057652 2057656 2057657 2057661 2057662 2064690
Blocks: 2047504 2047506
TreeView+ depends on / blocked
 
Reported: 2022-02-14 19:37 UTC by Rich Megginson
Modified: 2022-05-17 13:21 UTC (History)
7 users (show)

Fixed In Version: rhel-system-roles-1.15.0-1.el9
Doc Type: Enhancement
Doc Text:
.The Terminal session recording System Role uses the "Ansible managed" comment in its managed configuration files The Terminal session recording role generates 2 configuration files: * `/etc/sssd/conf.d/sssd-session-recording.conf` * `/etc/tlog/tlog-rec-session.conf` With this update, the Terminal session recording role inserts the "Ansible managed" comment into the configuration files, using the standard Ansible variable `ansible_managed`. The comment indicates that the configuration files should not be directly edited because the Terminal session recording role can overwrite the file. As a result, the configuration files contain a declaration stating that the configuration files are managed by Ansible.
Clone Of: 2054363
Environment:
Last Closed: 2022-05-17 13:03:30 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-112222 0 None None None 2022-02-14 19:41:08 UTC
Red Hat Product Errata RHBA-2022:2443 0 None None None 2022-05-17 13:03:45 UTC

Description Rich Megginson 2022-02-14 19:37:29 UTC
+++ This bug was initially created as a clone of Bug #2054363 +++

+++ This bug was initially created as a clone of Bug #2044640 +++

Description of problem:
RHEL System Roles should consistently use ansible_managed to allow customers to customize the comment shown at the top of configuration files managed by RHEL System Roles.  Some roles do not use ansible_managed, or have hard coded comments.  For example, the kernel_settings role creates /etc/tuned/kernel_settings/tuned.conf with a hard coded comment.  


Version-Release number of selected component (if applicable):
rhel-system-roles-1.7.3-2.el8.noarch


Additional info:
This is likely not limited to the kernel_settings role.  All roles should be evaluated and updated as needed to use ansible_managed.  Any roles updated to use ansible_managed should refer to https://bugzilla.redhat.com/show_bug.cgi?id=2006230 to ensure multi-line ansible_managed comments are supported.

--- Additional comment from Rich Megginson on 2022-01-25 02:46:04 UTC ---

kernel_settings https://github.com/linux-system-roles/kernel_settings/pull/72
postfix - uses the `postconf` command to set configuration - so no template used to generate /etc/postfix/main.cf - we could use the "trick" developed by https://github.com/linux-system-roles/kernel_settings/pull/72/files#diff-3d0ff1709ca48add100327bb2a468e6c508fb92a159c64c4f99ad1df89d9bddeR79 to generate the ansible_managed value, then use something like `lineinfile` to ensure that value is in main.cf
logging - looks good, but need to confirm
vpn - needs ansible_managed
timesync - good
kdump - good
cockpit - good
ssh - good
ha_cluster - need to see if file format supports commenting
tlog - needs comments
certificate - not sure - says it generates scripts but I cannot find how
crypto_policies - good
firewall - good
metrics - needs comments - but this will involve changes to ansible-pcp
mssql - needs comments
nbde_client, nbde_server - uses json format - not sure about comments
network - needs comments
selinux - good
storage - I think /etc/crypttab is not "owned" by the role

in addition - there may be some of the roles that generate config files in a non-standard way (e.g. like postfix with postfix-conf - not using the template module or lookup) that we will have to do some more investigation to find out

Comment 16 errata-xmlrpc 2022-05-17 13:03:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: rhel-system-roles), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2443


Note You need to log in before you can comment on or make changes to this bug.