- feat: Remove python expect dependency in crmsh (#249)
- fix: update constraints commands syntax for pcs-0.12 (#245)
- feat: export corosync configuration (#231)
- fix: list cloud agent packages by architecture (#244)
- ci: tests update for pcs-0.12 and pacemaker-3 (#238)
- ci: bump codecov/codecov-action from 4 to 5 (#239)
- ci: Use Fedora 41, drop Fedora 39 (#242)
- ci: Use Fedora 41, drop Fedora 39 - part two (#243)
- feat: crmsh 4.6.0 support and stonith-enabled workflow update (#232)
- ci: Add tags to TF workflow, allow more [citest bad] formats (#229)
- docs: improve comments in SBD examples (#230)
- ci: ansible-test action now requires ansible-core version (#233)
- ci: add YAML header to github action workflow files (#234)
- refactor: Use vars/RedHat_N.yml symlink for CentOS, Rocky, Alma wherever possible (#236)
- fix: openssl is now required for password (#227)
- fix: Fixes for new pcs and ansible (#223)
- ci: Add workflow for ci_test bad, use remote fmf plan (#221)
- ci: Fix missing slash in ARTIFACTS_URL (#222)
- docs: fix sbd_devices documentation and examples (#224)
- test: add gather_facts true for tests that need facts (#225)
- feat: crmsh watchdog correction, remove obsolete assert for softdog (#217)
- feat: Add alerts support (#218)
- ci: Add tft plan and workflow (#214)
- ci: Update fmf plan to add a separate job to prepare managed nodes (#216)
- ci: bump sclorg/testing-farm-as-github-action from 2 to 3 (#219)
- feat: crmsh corosync jinja2 template rework (#212)
- ci: ansible-lint action now requires absolute directory (#211)
- ci: use tox-lsr 3.3.0 which uses ansible-test 2.17 (#205)
- ci: tox-lsr 3.4.0 - fix py27 tests; move other checks to py310 (#207)
- ci: fix Python discovery with Ansible 2.17+ (#208)
- ci: Add supported_ansible_also to .ansible-lint (#209)
- feat: crmsh enhancements, master slave, validations (#197)
- feat: Add support for utilization (#202)
- fix: make consistent approach for multiple node attributes sets (#201)
- ci: fix internal gitlab CI (#200)
- feat: SLES15 enablement, HAE detection (#192)
- feat: Add support for ACL (#193)
- feat: easily install cloud agents (#194)
- feat: ha_cluster_node_options allows per-node addresses and SBD options to be set (#196)
- ci: bump ansible/ansible-lint from 6 to 24 (#195)
- ci: bump mathieudutour/github-tag-action from 6.1 to 6.2 (#198)
- feat: crmsh workflow and SUSE support (#186)
- docs: change Supported to Compatible (#188)
- feat: add support for configuring node attributes (#184)
- ci: bump codecov/codecov-action from 3 to 4 (#182)
- ci: fix python unit test - copy pytest config to tests/unit (#183)
- ci: bump github/codeql-action from 2 to 3 (#176)
- ci: Use supported ansible-lint action; run ansible-lint against the collection (#177)
- ci: Use supported ansible-lint action; run ansible-lint against the collection (#178)
- style: followup for recent ansible-lint related changes (#179)
- test: fix jinja templates in conditionals (#173)
- refactor: get_ostree_data.sh use env shebang - remove from .sanity* (#171)
- fix: set sbd.service timeout based on SBD_START_DELAY (#169)
- ci: bump actions/github-script from 6 to 7 (#168)
- fix: manage firewall on qnetd hosts (#166)
- feat: support for ostree systems (#159)
- test: update for ansible-test-2.16 (#162)
- test: do not use true test with select (#163)
- feat: add an option to enable Resilient Storage rpm repository (#158)
- fix: cast sbd option value to string (#160)
- feat: Add support for configuring stonith levels (#147)
- build(deps): bump actions/checkout from 3 to 4 (#146)
- ci: dependabot git commit msg lint; badge ordering (#150)
- ci: use dump_packages.py callback to get packages used by role (#152)
- test: support for qdevice tls and kaptb options (#153)
- ci: tox-lsr version 3.1.1 (#156)
-
docs: fix missing pronoun in readme (#141)
-
ci: Add markdownlint, test_html_build, and build_docs workflows (#142)
- markdownlint runs against README.md to avoid any issues with converting it to HTML
- test_converting_readme converts README.md > HTML and uploads this test artifact to ensure that conversion works fine
- build_docs converts README.md > HTML and pushes the result to the docs branch to publish dosc to GitHub pages site.
- Fix markdown issues in README.md
Signed-off-by: Sergei Petrosian [email protected]
-
docs: Make badges consistent, run markdownlint on all .md files (#143)
- Consistently generate badges for GH workflows in README RHELPLAN-146921
- Run markdownlint on all .md files
- Add custom-woke-action if not used already
- Rename woke action to Woke for a pretty badge
Signed-off-by: Sergei Petrosian [email protected]
-
ci: Remove badges from README.md prior to converting to HTML (#144)
- Remove thematic break after badges
- Remove badges from README.md prior to converting to HTML
Signed-off-by: Sergei Petrosian [email protected]
- feat: cluster and quorum can have distinct passwords (#134)
- fix: various minor fixes (#137)
- fix: facts being gathered unnecessarily (#139)
- ci: Add pull request template and run commitlint on PR title only (#133)
- ci: Rename commitlint to PR title Lint, echo PR titles from env var (#135)
- ci: test with pcs v0.11.6 (#136)
- ci: ansible-lint - ignore var-naming[no-role-prefix] (#138)
- style: address ansible-lint issues
- docs: Consistent contributing.md for all roles - allow role specific contributing.md section
- docs: fix collection requirements section
- style: fix linter issues in SBD task files
- test: update for upcoming pcs release
- refactor: update qdevice for upcoming pcs release
- test: check generated files for ansible_managed, fingerprint
- ci: Add commitlint GitHub action to ensure conventional commits with feedback
- fix ansible-lint issues with changed_when, others (#118)
- add support for resource and operation defaults
- Add possibility to load SBD watchdog kernel modules (#82)
- use pcs to setup qdevice certificates if available
- Add README-ansible.md to refer Ansible intro page on linux-system-roles.github.io (#115)
- Fingerprint RHEL System Role managed config files (#116)
- none
- Fix stonith watchdog timeout; fix purging nodes from pacemaker (#105)
- none
- none
- Fence agent firewall port is restricted to x86_64 architecture. (#106)
- none
- none
- Not request password to be specified when purging cluster (#92)
When running the role with ha_cluster_cluster_present: false to purge cluster passwords are not required Add a missing bool mapping do not set hacluster password when it is empty
- ansible-lint 6.x fixes (#94)
- Add check for non-inclusive language (#97)
- none
- Allow enabled SBD on disabled cluster (#81)
Currently the sbd.service will not be enabled if the cluster autostart is disabled. This is not intended behavior as is will effectively break the feature. We can simply remove the condition to depend on ha_cluster_start_on_boot as on a RHEL8 system the sbd.service has a dependencies (Before/After/PartOf/RequiredBy) to cluster related services which make sure it is only ever started by the cluster (a manual start is not possible).
- none
- none
- command warn is not supported in ansible-core 2.14
If users want to suppress the warning, users will need to configure ansible.cfg.
-
fix ownership of cib.xml
-
update for upcoming pcs release
The upcoming pcs brings stricter validation for resource configuration to prevent certain types of misconfiguration.
- tests: add qnetd cleanup
- none
- none
- fix qnetd check mode
- none
- none
- none
- long heading causes problems with md to adoc conversion
The long heading causes problems with md to adoc conversion. Shorten the length by using abbreviations.
-
Use the firewall role and the selinux role from the ha_cluster role
-
Introduce ha_cluster_manage_firewall to use the firewall role to manage the high-availability service and the fence-virt port. Default to false - means the firewall role is not used.
-
Introduce ha_cluster_manage_selinux to use the selinux role to manage the ports in the high-availability service. Assign cluster_port_t to the high-availability service ports. Default to false - means the selinux role is not used.
-
Add the test check task tasks/check_firewall_selinux.yml for verify the ports status.
Note: This pr changes the ha_cluster role's behavior slightly. It used to configure firewall without any settings if the firewall service is enabled. With this change made by this pr, unless ha_cluster_manage_firewall is set to true, the firewall is not configured.
-
Use the certificate role to create the cert and the key
-
Introduce a variable ha_cluster_pcsd_certificates to set the certificate_requests.
Note: Get mode of /var/lib/pcsd using the stat module and reset it in the following file for fixing the issue "risky-file-permissions File permissions unset or incorrect".
-
add support for configuring qnetd
-
add support for configuring qdevice
-
qdevice and qnetd documentation
- fix decoding variables from an Ansible vault
Workaround Ansible issue ansible/ansible#24425 Before fix, the role was failing with the following message: object of type 'AnsibleVaultEncryptedUnicode' has no len()
-
add a test for vault-encrypted variables
-
adapt tests with vault-encrypted variables for CI
-
use a real temporary directory for test secrets
The tests were writing generated secrets to the directory tests/tmp which is shared by all tests when running tests in parallel. Instead, create a real temporary directory for these secrets for the tests that use generated secrets.
-
fix checking hacluster password
-
update sbd config file template
-
fix installing qnetd and pcs packages
-
fix auth for qnetd host
-
fix linter issues
-
fix qnetd setup in tests
-
fix typos
- none
- only install and setup fence-virt on x86_64 hosts (#64)
fence-virt is not available for any architecture other than x86_64
- replace yes, no, default with true, false, d
Use true
, false
, and d
instead of yes
, no
, and default
- readme: update SBD example (#61)
- none
- readme: describe limitations of udp transports (#56)
- make all tests work with gather_facts: false (#52)
Ensure tests work when using ANSIBLE_GATHERING=explicit
- make min_ansible_version a string in meta/main.yml (#53)
The Ansible developers say that min_ansible_version
in meta/main.yml
must be a string
value like "2.9"
, not a float
value like 2.9
.
- Add CHANGELOG.md (#54)
- none
- s/ansible_play_hosts_all/ansible_play_hosts/ where applicable
- none
- none
- If ansible_hostname includes '_' the role fails with
invalid characters in salt
- Setup test vars
- none
- additional fix for password_hash salt length
- bump tox-lsr version to 2.11.0; remove py37; add py310
- Add support for SBD devices
- support gather_facts: false; support setup-snapshot.yml
- add support for configuring bundle resources
- Pcs fixes
- none
- add support for advanced corosync configuration
- none
- bump tox-lsr version to 2.10.1
- add SBD support
- none
- bump tox-lsr version to 2.9.1
- none
- fix default pcsd permissions
- none
- add support for configuring resource constraints
- none
- bump tox-lsr version to 2.8.3
- change recursive role symlink to individual role dir symlinks
- none
- fix ansible-lint issues
- update tox-lsr version to 2.7.1
- support python 39, ansible-core 2.12, ansible-plugin-scan
- use firewall-cmd instead of firewalld module
- replace rhsm_repository with subscription-manager cli
- Use the openssl command-line interface instead of the openssl module
- fix password_hash salt length
- use apt-get install -y
- use tox-lsr version 2.5.1
- Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
- none
- none
- add pacemaker cluster properties configuration
- do not fail if openssl is not installed
- none
- none
- none
- Code cleanup
- add pacemaker resources configuration
- fix reading preshared keys
- Fix issues related to enabling repositories
- Ha_cluster - fixing ansible-test errors
- Remove python-26 environment from tox testing
- update to tox-lsr 2.4.0 - add support for ansible-test with docker
- CI: Add support for RHEL-9