Update the 6.6.0 changelog (#457)

* Updated redirected links 
* Removed broken links
* Modernized EL6 references
* Updated the 6.6.0 changelog

Closes #458

docs/FAQ/Selinux.rst

@@ -7,15 +7,14 @@ If you experience a failed boot after running :command:`simp bootstrap` with an
 that says something along the lines of ``Failed to load SELINUX policy, freezing``, follow these
 instructions:
 
-#. Reboot into single user mode or a rescue shell (instructions on `EL6`_ and
-   `EL7`_). You may need your GRUB password that was set during :command:`simp config` or set using
-   the :pupmod:`simp/simp_grub` module.
+#. Reboot into a rescue shell (instructions on `EL8`_ and `EL7`_). You may need your GRUB password
+   that was set during :command:`simp config` or set using the :pupmod:`simp/simp_grub` module.
 
 #. Reinstall the selinux policy: :command:`yum reinstall -y selinux-policy-targeted`
 
 #. Tell the kernel to relabel all files during next boot: :command:`touch /.autorelabel`
 
 #. Reboot
 
-.. _EL6: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-single-user_mode
 .. _EL7: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/system_administrators_guide/index#sec-Terminal_Menu_Editing_During_Boot
+.. _EL8: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/system_design_guide/troubleshooting-after-installation_installer-troubleshooting#booting-into-rescue-mode_using-rescue-mode

docs/HOWTO/00_Accounts_and_Access/Configure_Ssh.rst

@@ -106,7 +106,7 @@ need to be noted:
 * *No direct MATCH entry support*:
      Due to their complexity, :code:`Match` entries are not supported.  However,
      you can add them using the :code:`sshd_config_match` resource from the
-     `herculesteam-augeasproviders_ssh`_ module.  Since :pupmod:`simp/ssh` uses
+     :pupmod:`puppet/augeasproviders_ssh` module.  Since :pupmod:`simp/ssh` uses
      this module internally, the :code:`sshd_config_match` resource will be
      available to you on any node using :pupmod:`simp/ssh`.
 
@@ -161,7 +161,7 @@ Managing Additional Settings with ``ssh_config``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Starting with version **6.4.0** of the :pupmod:`simp/ssh` module, you can use the
-`ssh_config`_ resource from the `herculesteam-augeasproviders_ssh`_ module to
+`ssh_config`_ resource from the :pupmod:`puppet/augeasproviders_ssh` module to
 manage settings that the module does not cover.
 
 For instance, to ensure that the default host entry's :code:`RequestTTY` option is
@@ -176,5 +176,4 @@ set to ``auto``:
      value  => 'auto',
    }
 
-.. _herculesteam-augeasproviders_ssh: https://github.com/hercules-team/augeasproviders_ssh
 .. _ssh_config: https://github.com/hercules-team/augeasproviders_ssh/blob/master/README.md

docs/HOWTO/10_SIMP/Managing_Workstation_Infrastructures.rst

@@ -340,12 +340,9 @@ following in the target node's :term:`Hiera` data or corresponding workstation h
 .. NOTE::
 
    MATE is used here for :term:`EL` 7 systems since x2go cannot yet process
-   GNOME 3 sessions natively with any kind of consistency. If using EL 6, GNOME
-   will be used.
+   GNOME 3 sessions natively with any kind of consistency.
 
-   Due to this difference, EL 7 servers should be connected to with MATE
-   selected as the target window manager and EL6 systems should be connected to
-   with GNOME selected as the target window manager.
+   MATE was removed from EL8 and a suitable replacement has yet to be integrated into SIMP.
 
    For more details, see the `x2go wiki`_
 

docs/HOWTO/10_SIMP/Using_the_SIMP_Release_RPM.rst

@@ -13,6 +13,7 @@ The latest SIMP Community Release RPMs are always available at https://download.
 Install it by running:
 
 .. code-block:: bash
+
    # el7 Install
    sudo yum install https://download.simp-project.com/simp-release-community.el7.rpm
 

docs/HOWTO/20_Puppet/Enable_Client_Reporting.rst

@@ -72,4 +72,4 @@ view of your environment.
 The :program:`puppetlast` command is provided by the :package:`simp-utils` RPM.
 
 .. _Puppetboard: https://github.com/voxpupuli/puppetboard
-.. _PuppetDB API: https://puppet.com/docs/puppetdb/latest/api/index.html
+.. _PuppetDB API: https://puppet.com/docs/puppetdb/7/api/overview.html

docs/HOWTO/90_Misc/Kerberos.rst

@@ -39,7 +39,7 @@ Beginning with krb5
 
 The following sections give a brief guide on how to get started with manual
 Kerberos configuration and distribution of keytabs, for more information,
-please see the `official Red Hat documentation`_.
+please see the `MIT Kerberos documentation`_.
 
 Creating Admin Principals
 ^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -121,4 +121,4 @@ Once the Puppet Agent runs on the clients, your keytabs will copied to
 place as the default system keytab.
 
 .. _SIMP KRB5 Puppet Module: https://github.com/simp/pupmod-simp-krb5
-.. _official Red Hat documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/configuring_a_kerberos_5_server
+.. _MIT Kerberos documentation: https://web.mit.edu/kerberos/krb5-latest/doc/

docs/HOWTO/90_Misc/Manage_TPM.rst

@@ -502,7 +502,7 @@ To install and configure the HIRS TPM Provisioner, add the following Hiera:
 
 .. _IBM's Software TPM 1.2: https://sourceforge.net/projects/ibmswtpm/
 .. _IBM's Software TPM 2.0: https://sourceforge.net/projects/ibmswtpm2/
-.. _Intel Site: https://software.intel.com/content/www/us/en/develop/articles/intel-trusted-execution-technology.html
+.. _Intel Site: https://www.intel.com/content/www/us/en/developer/articles/tool/intel-trusted-execution-technology.html
 .. _SIMP TPM 1.2 Simulator: https://github.com/simp/simp-tpm12-simulator
 .. _SIMP TPM 2.0 Simulator: https://github.com/simp/simp-tpm2-simulator
 .. _SIMP hirs_provisioner module: https://github.com/simp/pupmod-simp-hirs_provisioner

docs/HOWTO/90_Misc/NFS.rst

@@ -40,41 +40,15 @@ Known Issues
 Stunnel and Autofs
 ^^^^^^^^^^^^^^^^^^
 
-The ``autofs`` package that was released with CentOS 7.3 (`autofs-5.0.7-56`_)
-worked properly over a :term:`stunnel` connection.
-
-The release shipped with with CentOS 7.4 (**5.0.7-69**) prevents any connection
-from happening to the local ``stunnel`` process and breaks mounts to remote systems
-over ``stunnel`` connections.
+.. WARNING::
 
-The release that ship with CentOS 7.6 (**5.0.7-99**) has fixed the issue.
+   You must ensure that you are using :package:`autofs` greater than ``5.0.7-99``.
 
 To use :term:`NFS` over ``stunnel`` and ``automount`` directories with old
 CentOS 7 releases, you must use the appropriate ``autofs`` package.
 
 To determine what version of ``autofs`` is installed, run ``automount -V``.
 
-To force the package to the desired version:
-
-* Make sure the package is available via your package-management facility then
-  set the package version in :term:`Hiera`:
-
-.. code-block:: yaml
-
-   autofs::autofs_package_ensure: '5.0.7-99'
-
-* Alternatively, ensure that the latest packages are available and set the
-  following:
-
-.. code-block:: yaml
-
-   autofs::autofs_package_ensure: 'latest'
-
-
-The associated bug report can be found at:
-
-- CentOS 7  https://bugs.centos.org/view.php?id=14080.
-
 Limited Kerberos Support
 ^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/HOWTO/90_Misc/Unpack_dvd.rst

@@ -85,7 +85,7 @@ The following example will extract only the PXE files to the rsync directory:
    # Place the -X options after the ISO name.
    sudo su - root
    # copy the iso to the system
-   unpack_dvd -v 8.0.1905 --no-unpack-yum /myisodir/CentOS--x86_64-1905-dvd1.iso -X
+   unpack_dvd -v 8.0.1905 --no-unpack-yum /myisodir/CentOS-8-x86_64-1905-dvd1.iso -X
 
 The following example will extract both the RPMs and PXE files to alternate directories:
 
@@ -97,6 +97,6 @@ The following example will extract both the RPMs and PXE files to alternate dire
    mkdir -p /my/tftpboot
    # The PXE directory must follow the -X option.
    # The -d options changes the directory to extract OS files
-   unpack_dvd -v 8.0.1905 -d /my/repodir /myisodir/CentOS--x86_64-1905-dvd1.iso -X /my/tftpboot
+   unpack_dvd -v 8.0.1905 -d /my/repodir /myisodir/CentOS-8-x86_64-1905-dvd1.iso -X /my/tftpboot
    yum clean all && yum makecache
 

docs/_extensions/simp_roles.py

@@ -46,7 +46,7 @@ def role(name, rawtext, text, lineno, inliner, options={}, content=[]):
 
     # Link to the module on Puppet Forge (if the text is in the right format)
     if len(forge_names) == 2:
-      url = 'https://forge.puppet.com/%s/%s' % (forge_names[0], forge_names[1])
+      url = 'https://forge.puppet.com/modules/%s/%s' % (forge_names[0], forge_names[1])
       node = nodes.reference(rawtext, text, refuri=url, **options)
       if re.search('-', text):
         fixed_text = re.sub('-', '/', text)

docs/changelogs/latest.rst

@@ -26,11 +26,12 @@ OS compatibility
 This release is known to work with:
 
   * CentOS 7.0 2009 x86_64
-  * CentOS 8.4 2105 x86_64
+  * CentOS 8.5 2111 x86_64
+  * CentOS 8 Stream 20220423 x86_64
   * OEL 7.9 x86_64
-  * OEL 8.4 x86_64
+  * OEL 8.5 x86_64
   * RHEL 7.9 x86_64
-  * RHEL 8.4 x86_64
+  * RHEL 8.5 x86_64
 
 
 Full support for EL8
@@ -213,19 +214,19 @@ Puppet RPMs
 
 The following Puppet RPMs are packaged with the SIMP 6.6.0 ISOs:
 
-+-----------------------------+-----------------------------+
-| Package                     | Version                     |
-+=============================+=============================+
-| :package:`puppet-agent`     | FIXME  6.22.1-1 or 7.12.0-1 |
-+-----------------------------+-----------------------------+
-| :package:`puppet-bolt`      | FIXME  3.19.0-1 or FIXME    |
-+-----------------------------+-----------------------------+
-| :package:`puppetdb`         | FIXME  6.16.1-1 or 7.7.0-1  |
-+-----------------------------+-----------------------------+
-| :package:`puppetdb-termini` | FIXME  6.16.1-1 or 7.7.0-1  |
-+-----------------------------+-----------------------------+
-| :package:`puppetserver`     | FIXME  6.15.3-1 or 7.4.1-1  |
-+-----------------------------+-----------------------------+
++-----------------------------+----------------------+
+| Package                     | Version              |
++=============================+======================+
+| :package:`puppet-agent`     | 6.27.1-1 or 7.16.0-1 |
++-----------------------------+----------------------+
+| :package:`puppet-bolt`      | 3.22.1-1             |
++-----------------------------+----------------------+
+| :package:`puppetdb`         | 6.21.0-1 or 7.10.1-1 |
++-----------------------------+----------------------+
+| :package:`puppetdb-termini` | 6.21.0-1 or 7.10.1-1 |
++-----------------------------+----------------------+
+| :package:`puppetserver`     | 6.19.0-1 or 7.7.0-1  |
++-----------------------------+----------------------+
 
 Removed Puppet Modules
 ----------------------
@@ -235,6 +236,17 @@ The following modules were removed from the release:
 * :package:`simp_pki_service`
 * :package:`simp_bolt`
 
+Replaced Puppet Modules
+-----------------------
+
++---------------------------+-------------------------+
+| Original                  | Replacement             |
++===========================+=========================+
+| :pupmod:`aboe/chrony`     | :pupmod:`puppet/chrony` |
++---------------------------+-------------------------+
+| :pupmod:`camptocamp/kmod` | :pupmod:`puppet/kmod`   |
++---------------------------+-------------------------+
+
 .. _changelog-6.6.0-fixed-bugs:
 
 Fixed Bugs
@@ -355,8 +367,12 @@ pupmod-simp-pupmod
 
 * Changed all instances of setting items in the :code:`master` section to use
   :code:`server` instead
+* Updated :code:`pupmod::conf` to automcatically switch :code:`master` to :code:`server`
+* Automatically remove items from the puppet config in the :code:`master` section that are set in
+  the :code:`server` section
 * Added :code:`pupmod::master::sysconfig::use_code_cache_flushing` to reduce
   excessive memory usage
+* Removed SHA1 ciphers from the server cipher list
 * Disconnected the puppetserver from the system FIPS libraries since it causes
   conflicts with the vendor provided settings
 * Allow :code:`pupmod::puppet_server` to accept Arrays
@@ -414,6 +430,8 @@ pupmod-simp-selinux
 pupmod-simp-simp
 ^^^^^^^^^^^^^^^^
 
+* Updated :code:`simp::yum::repo::local_os_updates` to use the gpg keys installed into :file:`<yum
+  directory>/SIMP/GPGKEYS` to work around changes in EL8
 * Corrected the :code:`HeapDumpOnOutOfMemoryError` setting for :program:`puppetdb`
 * Ensure that :program:`nsswitch` :program:`SSSD` options for :file:`sudoers` do
   not stop on files
@@ -448,6 +466,11 @@ pupmod-simp-simp_gitlab
 * Fixed a bug where the :program:`change_gitlab_root_password` script did not
   work with GitLab after 13.6.0
 
+pupmod-simp-simp_grub
+^^^^^^^^^^^^^^^^^^^^^
+
+* Updated the documentation to better reflect GRUB2
+
 pupmod-simp-simp_nfs
 ^^^^^^^^^^^^^^^^^^^^
 
@@ -469,6 +492,7 @@ pupmod-simp-simp_openldap
 pupmod-simp-simplib
 ^^^^^^^^^^^^^^^^^^^
 
+* Fixed the call to `klist` to properly handle cache issues
 * Increased randomization in :code:`simplib::gen_random_password`
 * :code:`simplib::cron::hour_entry` now supports comma separated lists
 * :code:`simplib::cron::minute_entry` now supports comma separated lists
@@ -495,6 +519,8 @@ pupmod-simp-ssh
 pupmod-simp-sssd
 ^^^^^^^^^^^^^^^^
 
+* Added an option to :code:`sssd::install` to prevent installation of the :program:`sssd` client to
+  increase compatibility with other operating systems
 * Fixed multiple compatibility issues with non-OpenLDAP LDAP servers
 * No longer use :code:`concat` but instead drop configuration items into the
   :file:`/etc/sssd/conf.d` directory
@@ -523,6 +549,7 @@ pupmod-simp-swap
 pupmod-simp-tlog
 ^^^^^^^^^^^^^^^^
 
+* Add a :code:`file` resource if the file writer is specified
 * Corrected the login in :file:`tlog.sh.epp` in the case where a user does not
   have a login shell
 
@@ -555,6 +582,8 @@ simp-gpgkeys
 ^^^^^^^^^^^^
 
 * Fixed the target location for copying the GPG keys into the YUM repository
+* Removed EL6 keys
+* Updated the Red Hat release key
 
 simp-rsync
 ^^^^^^^^^^
@@ -606,6 +635,11 @@ pupmod-simp-ds389
 
 * New module for managing 389 DS
 
+pupmod-simp-simp_firewalld
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Added the :pupmod:`simp/simp_firewalld` module and set it to the default on EL8+
+
 pupmod-simp-gnome
 ^^^^^^^^^^^^^^^^^
 
@@ -622,6 +656,8 @@ pupmod-simp-logrotate
 pupmod-simp-pam
 ^^^^^^^^^^^^^^^
 
+* Added `dictcheck` and `faillock_log_file` parameter support
+* Added Amazon Linux 2 support
 * Added a :program:`pre` section for setting auth file content to work with
   third party plugins
 * Added the ability to set extra content in the :program:`su` configuration
@@ -663,6 +699,7 @@ numerous changes!
 pupmod-simp-simp
 ^^^^^^^^^^^^^^^^
 
+* Added EL8 support
 * Added :code:`simp::puppetdb::disable_update_checking` to disable default
   analytics in accordance with NIST guidance
 * :program:`puppetdb` now sets :code:`UseCodeCacheFlushing` by default
@@ -709,6 +746,12 @@ pupmod-simp-simplib
 * Added :program:`net.ipv6.conf.all.disable_ipv6` to the :program:`simplib_sysctl` fact
 * Added a :program:`simplib__cryhpto_policy_state` fact
 
+pupmod-simp-ssh
+^^^^^^^^^^^^^^^
+
+* Added an option to turn off managing the :code:`AuthorizedKeysFile` parameter in
+  :file:`/etc/ssh/sshd_config`
+
 pupmod-simp-sssd
 ^^^^^^^^^^^^^^^^
 
@@ -719,6 +762,11 @@ pupmod-simp-sssd
 * Users can optionally purge the :file:`/etc/sssd/conf.d` directory if they want
   puppet to be authoritative
 
+pupmod-simp-sudo
+^^^^^^^^^^^^^^^^
+
+* Added the ability for users to create :code:`include` clauses in :file:`/etc/sudoers`
+
 pupmod-simp-tpm2
 ^^^^^^^^^^^^^^^^
 
@@ -759,7 +807,7 @@ Known Bugs and Limitations
 Below are bugs and limitations known to affect this release. If you discover
 additional problems, please `submit an issue`_ to let use know.
 
-* SSSD does not always start the ds389 LDAP server immediately after kickstarting
+* :program:`sssd` does not always start the :program:`ds389` LDAP server immediately after kickstarting
   an EL8 system.  An additional puppet run clears the problem.  The error in the log is
 
   sssd.dataprovider.getDomains: Error [1432158215]: DP target is not configured