- fix: reload on resetting to defaults (#159)
- fix: make enabling/disabling non-existent services not fail in check mode (#153)
- fix: unmask firewalld on run, disable conflicting services (#154)
- fix: facts being gathered unnecessarily (#156)
- ci: fix python 2.7 CI tests by manually installing python2.7 package (#152)
- ci: ansible-test ignores file for ansible-core 2.15 (#155)
-
fix: Don't install python(3)-firewall it's a dependency of firewalld (#148)
Enhancement: The role now does not run tasks to install python-firewall or python3-firewall based on installed python version.
Reason: python-firewall or python3-firewall is pulled automatically by dnf and yum when installing firewalld. The issue is that when I install python3 on EL 7, the role then fails with "No package matching 'python3-firewall' found available, installed or updated". It sees python3 present on the system and tries to install python3-firewall, which is not available on EL 7.
Result: The role doesn't fail on EL 7 when python3 is installed on the managed node.
-
ci: Add commitlint GitHub action to ensure conventional commits (#139)
For more information, see Conventional Commits format in Contribute https://linux-system-roles.github.io/contribute.html#conventional-commits-format
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
-
docs: Add note about using previous: replaced and temporary service failures (#141)
Add a note to the README about the use of
previous: replacedand that it can cause temporary service outages to the node being managed. linux-system-roles#138 -
docs: Consistent contributing.md for all roles - allow role specific contributing.md section (#143)
Provide a single, consistent contributing.md for all roles. This mostly links to and summarizes https://linux-system-roles.github.io/contribute.html
Allow for a role specific section which typically has information about role particulars, role debugging tips, etc.
See linux-system-roles/.github#19
Signed-off-by: Rich Megginson rmeggins@redhat.com
-
ci: update tox-lsr to version 3.0.0 (#144)
The major version bump is because tox-lsr 3 drops support for tox version 2. If you are using tox 2 you will need to upgrade to tox 3 or 4.
tox-lsr 3.0.0 adds support for tox 4, commitlint, and ansible-lint-collection
See https://github.com/linux-system-roles/tox-lsr/releases/tag/3.0.0 for full release notes
Signed-off-by: Rich Megginson rmeggins@redhat.com
-
ci: fix pylintrc issues (#145)
Remove
no-space-checkandovergeneral-exception -
ci: Add pull request template and run commitlint on PR title only (#147)
We now ensure the conventional commits format only on PR titles and not on commits to let developers keep commit messages targeted for other developers i.e. describe actual changes to code that users should not care about. And PR titles, on the contrary, must be aimed at end users.
For more info, see https://linux-system-roles.github.io/contribute.html#write-a-good-pr-title-and-description
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
-
ci: Rename commitlint to PR title Lint, echo PR titles from env var (#149)
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
- fix ansible-lint issues in tests (#134)
- add docs for set_default_zone (#135)
- Add README-ansible.md to refer Ansible intro page on linux-system-roles.github.io (#132)
- none
- ansible-lint 6.x fixes
- cannot use distutils; use custom version
- Add check for non-inclusive language (#114)
- Add CodeQL workflow for GitHub code scanning
- none
- none
- Added some example playbooks (#110)
- feature - add/remove interfaces by PCI ID
FEATURE OVERVIEW
-
allows users to add by what a device is (vendor:device_type) instead of interface names
-
interface names that match the wildcard XXXX:XXXX (X = hex) will be converted to interface names.
-
Multiple matches will result in play being done on multiple devices
-
-
Add Network Manager interaction when adding/removing interfaces from zones
-
Add functions that convert PCI IDs into network interface names
Fixes #87
- none
- changelog_to_tag action - github action ansible test improvements
-
Feature: add/update/delete services
- Can add services by using the present state, with the specified details for the service (Permanent required)
- Only required details are the service name using the service option, other options supported:
- short, description, port, source port, protocol, module (helper_module), destination
- remove services by using absent state and only the service name (no "detail" options) (Permanent required)
- remove service elements by adding the elements and their values
- service will not be removed if any of the removable elements are specified as well
- update short and descriptions of services by using present state with the options while short or description are defined
- Cannot remove short or descriptions
- as with the rest of this feature, permanent is required to do this
Fixes: #80
-
Feature: Ansible facts with firewalld configuration
- called by calling the firewall system role with either no parameters
or with only the
detailedparameter - fetches and returns ansible fact
firewall_config - detailed in README.md, under ansible_fact section
- called by calling the firewall system role with either no parameters
or with only the
Fixes #82
-
bugfix: port forward dict form
- fixed bug where port_forward argument only worked with string argument
- additionally argument convert to list if necessary
- minimal tests added for port forward
- tests_port_forward.yml only has the fail case that the role fails
Fixes: #85
- make all tests work with gather_facts: false (#84)
The tests_zone.yml test uses facts outside of the role and
needs to gather_facts: true when using ANSIBLE_GATHERING=explicit
- make min_ansible_version a string in meta/main.yml (#88)
The Ansible developers say that min_ansible_version in meta/main.yml
must be a string value like "2.9", not a float value like 2.9.
- fix destination rendering in github markdown renderer
Just make the problematic text a literal string so it won't get rendered incorrectly
- Add CHANGELOG.md (#90)
- none
- fix: state not required for masquerade and ICMP block inversion
- Fix deprecated syntax in Readme
- tests_ansible: replaced immediate options with runtime options
- none
- none
- remove customzone zone in cleanup
- bump tox-lsr version to 2.11.0; remove py37; add py310
- Added ability to restore Firewalld defaults
- none
- none
- support gather_facts: false; support setup-snapshot.yml
- none
- none
- ensure that changes to target take effect immediately
- Add ability to set the default zone
- none
- bump tox-lsr version to 2.10.1
- Added implicit firewalld reload for when a custom zone is added or removed
- none
- Reformatted tests_zone to use yaml format
- none
- none
- bump tox-lsr version to 2.8.3
- change recursive role symlink to individual role dir symlinks
- Added examples of options in Readme
- Added an issue template for the Firewalld System Role
- Added support for RHEL 7
- Added runtime and permanent flags to documentation.
- none
- none