Releases: linux-system-roles/certificate

Fix permissions with "group" option; test with ansible 2.12

08 Nov 21:03
52866a7

use tox-lsr version 2.5.1

This version removes support for molecule until we can figure out
what to do about molecule. This should make all of the tox tests
pass (except for python 2.6).

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

support ansible-core 2.11 ansible-test and ansible-lint

Fix parser fail on certificate verification.

Due to a change in Python's cryptography version 35.0.0 certificate
parser, and a difference in the ASN.1 certificate spec interpretation,
the certificates generated by certmonger fail to be validated.

This patch forces the version for the 'cryptography' package installed
to ignore the affected version, and should allow the tests for this
role to be executed.

certmonger already has a fix for the issue, but it might not be
available for every release supported by certificate role.

tests: Validate certificate permissions

Without specifying group:, certificates ought to have tight
permissions and only be accessible to the owner.

This currently also applies to certificates with group:, which is
wrong -- this will be fixed in the next commit.

Fix certificate permissions with "group" option

The default permissions are 0600, so that certificates are inaccessible
to the specified group. Add group read permission in that case, so that
this actually works.

Test this for both local certmonger and IPA.

support python 39, ansible-core 2.12, ansible-plugin-scan

update tox-lsr version to 2.7.1

update the tox-lsr version used in github actions tox CI
to 2.7.1

The only difference between this and 2.7.0 is that Ansible 2.12
is now GA.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>

drop support for ansible 2.8

12 Aug 16:26
9ba6111

Drop support for Ansible 2.8 by bumping the Ansible version to 2.9

min_ansible_version is now 2.9
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197

Suppress warnings when using `tar`

07 Aug 01:47
c622097

- Instead of the unarchive module, use "tar" command for backup.

  • Do not warn about unarchive.

Ref: bz1984182, bz1987096

Instead of the archive module, use "tar" command for backup.

28 Jul 21:21
0494b9a

Instead of the archive module, use "tar" command for backup.

Note: having the module 'archive' makes the role fail with an error
"couldn't resolve module/action 'archive'." if executed with
ansible-navigator.

Ref: bz1984182

Fix lint issues; support EL 9 managed hosts

26 May 20:57
310fc53

Fix lint issues

support EL 9 managed hosts

works with collection on Ansible 2.9; works with jinja 2.7

22 Feb 21:39
50041ce
  • a fix for modules and module_utils so that they work when used inside a collection when using Ansible 2.9
  • make the role work with jinja 2.7

Changes to support conversion to collections

19 Nov 20:00
6e86cdc

This contains changes to support conversion to collection as well as some tox/travis fixes. No functionality changes.

Initial release of certificate management

26 Aug 18:46
fedef6e

This role is used to issue TLS/SSL certificates and to manage automatic
renewal of those certificates. The default provider is certmonger.
This role can work with FreeIPA to manage certificates issued by
FreeIPA.