Releases: linux-system-roles/certificate
Fix permissions with "group" option; test with ansible 2.12
use tox-lsr version 2.5.1
This version removes support for molecule until we can figure out
what to do about molecule. This should make all of the tox tests
pass (except for python 2.6).
Signed-off-by: Rich Megginson rmeggins@redhat.com
support ansible-core 2.11 ansible-test and ansible-lint
Fix parser fail on certificate verification.
Due to a change in Python's cryptography version 35.0.0 certificate
parser, and a difference in the ASN.1 certificate spec interpretation,
the certificates generated by certmonger fail to be validated.
This patch forces the version for the 'cryptography' package installed
to ignore the affected version, and should allow the tests for this
role to be executed.
certmonger already has a fix for the issue, but it might not be
available for every release supported by certificate role.
tests: Validate certificate permissions
Without specifying group:
, certificates ought to have tight
permissions and only be accessible to the owner.
This currently also applies to certificates with group:
, which is
wrong -- this will be fixed in the next commit.
Fix certificate permissions with "group" option
The default permissions are 0600, so that certificates are inaccessible
to the specified group. Add group read permission in that case, so that
this actually works.
Test this for both local certmonger and IPA.
support python 39, ansible-core 2.12, ansible-plugin-scan
update tox-lsr version to 2.7.1
update the tox-lsr version used in github actions tox CI
to 2.7.1
The only difference between this an 2.7.0 is that Ansible 2.12
is now GA.
Signed-off-by: Rich Megginson rmeggins@redhat.com
drop support for ansible 2.8
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
min_ansible_version is now 2.9
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197
Suppress warnings when using `tar`
- Instead of the unarchive module, use "tar" command for backup.
- Do not warn about unarchive.
Ref: bz1984182, bz1987096
Instead of the archive module, use "tar" command for backup.
Instead of the archive module, use "tar" command for backup.
Note: having the module 'archive' makes the role fail with an error
"couldn't resolve module/action 'archive'." if executed with ansible-
navigator.
Ref: bz1984182
Fix lint issues; support EL 9 managed hosts
Fix lint issues
support EL 9 managed hosts
works with collection on Ansible 2.9; works with jinja 2.7
- a fix for modules and module_utils so that they work when used inside a collection when using Ansible 2.9
- make the role work with jinja 2.7
Changes to support conversion to collections
This contains changes to support conversion to collection as well as some tox/travis fixes. No functionality changes.
Initial release of certificate management
This role is used to issue TLS/SSL certificates and to manage automatic
renewal of those certificates. The default provider is certmonger
.
This role can work with FreeIPA to manage certificates issued by
FreeIPA.