import rhel-system-roles-1.88.9-0.1.el9_5

3 months ago · 085e380b0b
parent 2540892221
commit 085e380b0b
7 changed files with 705 additions and 388 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,31 +1,36 @@
-SOURCES/ad_integration-1.1.3.tar.gz
+SOURCES/ad_integration-1.4.6.tar.gz
 SOURCES/ansible-posix-1.5.4.tar.gz
-SOURCES/ansible-sshd-v0.19.0.tar.gz
+SOURCES/ansible-sshd-v0.25.0.tar.gz
-SOURCES/auto-maintenance-e010c878833e363195dd707d1334ff48a254b092.tar.gz
+SOURCES/auto-maintenance-1.88.9.tar.gz
-SOURCES/certificate-1.2.1.tar.gz
+SOURCES/bootloader-1.0.7.tar.gz
-SOURCES/cockpit-1.4.7.tar.gz
+SOURCES/certificate-1.3.6.tar.gz
-SOURCES/community-general-7.3.0.tar.gz
+SOURCES/cockpit-1.5.10.tar.gz
-SOURCES/containers-podman-1.10.3.tar.gz
+SOURCES/community-general-9.3.0.tar.gz
-SOURCES/crypto_policies-1.2.11.tar.gz
+SOURCES/containers-podman-1.15.4.tar.gz
-SOURCES/firewall-1.6.3.tar.gz
+SOURCES/crypto_policies-1.4.0.tar.gz
-SOURCES/ha_cluster-1.10.0.tar.gz
+SOURCES/fapolicyd-1.1.7.tar.gz
-SOURCES/journald-1.0.5.tar.gz
+SOURCES/firewall-1.8.0.tar.gz
-SOURCES/kdump-1.3.6.tar.gz
+SOURCES/gfs2-1.0.0.tar.gz
-SOURCES/kernel_settings-1.1.17.tar.gz
+SOURCES/ha_cluster-1.19.2.tar.gz
-SOURCES/keylime_server-1.0.0.tar.gz
+SOURCES/journald-1.3.3.tar.gz
-SOURCES/logging-1.11.9.tar.gz
+SOURCES/kdump-1.4.7.tar.gz
-SOURCES/metrics-1.8.6.tar.gz
+SOURCES/kernel_settings-1.3.2.tar.gz
-SOURCES/nbde_client-1.2.14.tar.gz
+SOURCES/keylime_server-1.1.5.tar.gz
-SOURCES/nbde_server-1.3.8.tar.gz
+SOURCES/logging-1.13.4.tar.gz
-SOURCES/network-1.13.1.tar.gz
+SOURCES/metrics-1.10.6.tar.gz
-SOURCES/podman-1.3.2.tar.gz
+SOURCES/nbde_client-1.3.0.tar.gz
-SOURCES/postfix-1.3.8.tar.gz
+SOURCES/nbde_server-1.4.7.tar.gz
-SOURCES/postgresql-1.1.0.tar.gz
+SOURCES/network-1.16.4.tar.gz
-SOURCES/rhc-1.2.4.tar.gz
+SOURCES/podman-1.6.4.tar.gz
-SOURCES/selinux-1.6.1.tar.gz
+SOURCES/postfix-1.5.1.tar.gz
-SOURCES/ssh-1.2.1.tar.gz
+SOURCES/postgresql-1.3.8.tar.gz
-SOURCES/storage-1.12.3.tar.gz
+SOURCES/rhc-1.6.6.tar.gz
-SOURCES/systemd-1.0.1.tar.gz
+SOURCES/selinux-1.8.0.tar.gz
-SOURCES/timesync-1.7.6.tar.gz
+SOURCES/snapshot-1.4.1.tar.gz
-SOURCES/tlog-1.2.16.tar.gz
+SOURCES/ssh-1.5.0.tar.gz
-SOURCES/vpn-1.5.8.tar.gz
+SOURCES/storage-1.18.7.tar.gz
 SOURCES/sudo-1.1.0.tar.gz
 SOURCES/systemd-1.2.0.tar.gz
 SOURCES/timesync-1.9.0.tar.gz
 SOURCES/tlog-1.3.6.tar.gz
 SOURCES/vpn-1.6.6.tar.gz
--- a/.rhel-system-roles.metadata
+++ b/.rhel-system-roles.metadata
@ -1,31 +1,36 @@
-4ed72d2549af3a2bf5232944dcd84c4203ec1f49 SOURCES/ad_integration-1.1.3.tar.gz
+11b58e43e1b78cb75eda26724359f4d748173d5f SOURCES/ad_integration-1.4.6.tar.gz
 da646eb9ba655f1693cc950ecb5c24af39ee1af6 SOURCES/ansible-posix-1.5.4.tar.gz
-edcfa5243b2e74c50ab8fd17f514bbc9df693c06 SOURCES/ansible-sshd-v0.19.0.tar.gz
+5829f61d848d1fe52ecd1702c055eeed8ef56e70 SOURCES/ansible-sshd-v0.25.0.tar.gz
-7b34305ca31a8df71f3ecec3410c7c4d262201bd SOURCES/auto-maintenance-e010c878833e363195dd707d1334ff48a254b092.tar.gz
+56fbd9160cf34bbc1f251bfbe3dee5dcbf12cecc SOURCES/auto-maintenance-1.88.9.tar.gz
-4483962040f0c29fa9c80950dc403ce7e9f17ed7 SOURCES/certificate-1.2.1.tar.gz
+7ae4b79529d14c0c8958cf9633f8d560d718f4e7 SOURCES/bootloader-1.0.7.tar.gz
-4ed2794a781e7976ff2a0b4c6abbf008859ef982 SOURCES/cockpit-1.4.7.tar.gz
+45ba484be2962e9fd70dbf09bb5e34a900e000cb SOURCES/certificate-1.3.6.tar.gz
-ee7868c57b3d1ce170b61a1d42c840ba1428aeac SOURCES/community-general-7.3.0.tar.gz
+15677bec6ddafb75911d7c29fe1eb1c24b9b4f1c SOURCES/cockpit-1.5.10.tar.gz
-711423c6503c1e137d7c38b6a0718e5768f40d21 SOURCES/containers-podman-1.10.3.tar.gz
+06964c4eefee9b942425e479324b781d88885e82 SOURCES/community-general-9.3.0.tar.gz
-aee5eb307f5a40a8a222a0dd7713b230bc3324a7 SOURCES/crypto_policies-1.2.11.tar.gz
+2c0a98aedb2c031bfc94609bc9553d192224b159 SOURCES/containers-podman-1.15.4.tar.gz
-81ac41f0c7d06dbb92d70b8d9a0a0b0a6474411c SOURCES/firewall-1.6.3.tar.gz
+fbf7f7a452d72dc0f884947da98795082042782e SOURCES/crypto_policies-1.4.0.tar.gz
-aa11011e00fe8a86999688149d60f5d0a4ed5cbf SOURCES/ha_cluster-1.10.0.tar.gz
+5c0ecbe8246a0d8dde0930ef111f1c17a4976797 SOURCES/fapolicyd-1.1.7.tar.gz
-88e721b5d804f00e7b044310d47b2dd40ac83f8f SOURCES/journald-1.0.5.tar.gz
+f4eb8ea59532a630408593594ded54cbd2eaf04f SOURCES/firewall-1.8.0.tar.gz
-64680ec0f3ea03fc5c0a5792ceeaa193d6154fdd SOURCES/kdump-1.3.6.tar.gz
+cc1a45ba4a6a0b34186197599f02cbb437c5abbd SOURCES/gfs2-1.0.0.tar.gz
-43338d3ffdc79961564504822a84462cefa8ff5a SOURCES/kernel_settings-1.1.17.tar.gz
+8ecc501560bc115deeb72797dfb8a63b583a3a48 SOURCES/ha_cluster-1.19.2.tar.gz
-81b0e4e1f71f01a008181494eefc542506cd3823 SOURCES/keylime_server-1.0.0.tar.gz
+0541cf78ef043606ecb97fadc97046645c9f0857 SOURCES/journald-1.3.3.tar.gz
-0963ecef1330048c25bb9a778b5ac15c24e77df2 SOURCES/logging-1.11.9.tar.gz
+4a61f3e6e5ed0ed6bcbb4ac400ecdce1ae3cd679 SOURCES/kdump-1.4.7.tar.gz
-af61299d39b4a7d5e37507a898ddba55e3f053d6 SOURCES/metrics-1.8.6.tar.gz
+75c64569c8b89435f8d0907e9c057ea142d86a4e SOURCES/kernel_settings-1.3.2.tar.gz
-b8c7ff7dadbd84aeb13e94c4be3be0f8ee9549cd SOURCES/nbde_client-1.2.14.tar.gz
+7dc7288b26c73e19ed0b0a723cafd43e8bdf2be8 SOURCES/keylime_server-1.1.5.tar.gz
-a5d2a5afd45447edb17f6a9615eabb80501e61f3 SOURCES/nbde_server-1.3.8.tar.gz
+4825923fc0fa29e80c08864b0afc50e2e075be91 SOURCES/logging-1.13.4.tar.gz
-fe9426eaf3e7a5a31ebe5707e4a17770bca7a6b6 SOURCES/network-1.13.1.tar.gz
+b0b4b0af1872dc7bdd3c36e4ff40547a31cc4ed0 SOURCES/metrics-1.10.6.tar.gz
-8b49515b4c5d8b1f5e06be6c7fdeff7ab622c495 SOURCES/podman-1.3.2.tar.gz
+544c5c9e53beef034b0d39ecf944e0bb13231535 SOURCES/nbde_client-1.3.0.tar.gz
-b91070ba6fa7b4a9072aa2d1a2ef4b169aab0f00 SOURCES/postfix-1.3.8.tar.gz
+caa3786c527a633d42278cb0b1d0c4ae37506237 SOURCES/nbde_server-1.4.7.tar.gz
-504cde6540ff1b5527b2ddf9aa90a95e29d7ffc3 SOURCES/postgresql-1.1.0.tar.gz
+d41648a85e772f0a69ec1726595e2c33fac1d2e2 SOURCES/network-1.16.4.tar.gz
-a6097168bd1b54a46be8b5f4adfdab9b5ec8ddb5 SOURCES/rhc-1.2.4.tar.gz
+9c34efd3ec797a50e8eb47f8a559e537fde33f40 SOURCES/podman-1.6.4.tar.gz
-bb2a5e711233e527d0a11914bd566f47a2cfe9e6 SOURCES/selinux-1.6.1.tar.gz
+29bc04e0b7e231251360f86d9cbcaa6841d8a3ba SOURCES/postfix-1.5.1.tar.gz
-c03dbda563ec7d3c2ae2c7bfd6aab88c6c19fbac SOURCES/ssh-1.2.1.tar.gz
+9bd35cfa10bc5a3eb9f467e6114ae6dcebb55a01 SOURCES/postgresql-1.3.8.tar.gz
-84085e0f750181aee340e02258fd5888d563698e SOURCES/storage-1.12.3.tar.gz
+b6932d2f66bfba15257d3f6d23f02e028eaa0638 SOURCES/rhc-1.6.6.tar.gz
-1c7ac80df7288f7d3469e376316305eadd2dc2dc SOURCES/systemd-1.0.1.tar.gz
+9498596941d29a96c84e122e047f87e95788be7e SOURCES/selinux-1.8.0.tar.gz
-e4fe253906ffd7ce2ecca71a63a0e96e5f562e0c SOURCES/timesync-1.7.6.tar.gz
+4dc75265463cbf83c9779c65bd177ed204300aee SOURCES/snapshot-1.4.1.tar.gz
-544d0591a0ae73b73c1ab5bc280cdc8d5598f322 SOURCES/tlog-1.2.16.tar.gz
+b6acf6754f53c7dfda709060a1730ab7ff6d2009 SOURCES/ssh-1.5.0.tar.gz
-1d959b0b5f6bd261d392b0740fd86915c7b35c17 SOURCES/vpn-1.5.8.tar.gz
+0266534ede746114046b1158c61bccf8bc60d8e4 SOURCES/storage-1.18.7.tar.gz
 4e03fa316429b024931e09962827f89b2e345462 SOURCES/sudo-1.1.0.tar.gz
 b1e978dfed627fcdf885899416d239ee8a061fc8 SOURCES/systemd-1.2.0.tar.gz
 0a9df710ddd8a43e74cbd77e4414d5ea7e90d7b9 SOURCES/timesync-1.9.0.tar.gz
 789253ee36294f77dd8be3de42c973956dd86fbb SOURCES/tlog-1.3.6.tar.gz
 82e444fc7ed54b874f7b0b3c40e22b307b6c0924 SOURCES/vpn-1.6.6.tar.gz
--- a/SOURCES/0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch
+++ b/SOURCES/0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch
@ -1,127 +0,0 @@
 From 1931ebccaa146bd6ee8365c664ab62d294adaa31 Mon Sep 17 00:00:00 2001
 From: Rich Megginson <rmeggins@redhat.com>
 Date: Fri, 18 Aug 2023 12:35:44 -0600
 Subject: [PATCH] fix: use command stdin for password, and do not log password
 Cause: The code was constructing the realm join command to be passed
 via the shell module, including piping the password into the command,
 and was showing the command, including the password, when using
 check mode.
 Consequence: The clear text password was available in the logs when
 using check mode.
 Fix: Use command with stdin for the password instead of shell.  The
 password is not part of the command.  command with stdin is more
 secure than using shell.  The debug output has been changed to
 show the command with the `ad_integration_join_parameters` removed,
 because we cannot know if those parameters contain data which should
 not be logged.  Those parameters will still be passed to the actual
 realm join command.
 Result: The password is not logged.  The role is more secure.
 Signed-off-by: Rich Megginson <rmeggins@redhat.com>
 ---
 tasks/main.yml | 57 ++++++++++++++++++++++++++++----------------------
 1 file changed, 32 insertions(+), 25 deletions(-)
 diff --git a/tasks/main.yml b/tasks/main.yml
 index fe2602e..265c6fe 100644
 --- a/tasks/main.yml
 +++ b/tasks/main.yml
@@ -3,8 +3,7 @@
 - name: Ensure that mandatory variable ad_integration_realm is available
   fail:
     msg: Variable ad_integration_realm must be provided!
 -  when:
 -    - not ad_integration_realm
 +  when: not ad_integration_realm
 - name: Assume managing timesync if timesource is set
   set_fact:
@@ -26,8 +25,7 @@
 - name: Assume managing crypto policies if allow_rc4_crypto is set
   set_fact:
     ad_integration_manage_crypto_policies: true
 -  when:
 -    - ad_integration_allow_rc4_crypto | bool
 +  when: ad_integration_allow_rc4_crypto | bool
 - name: Ensure manage_crypt_policies is set with crypto_allow_rc4
   fail:
@@ -141,41 +139,50 @@
 - name: Build Command - Join to a specific Domain Controller
   set_fact:
 -    __ad_integration_join_command: |
 -      set -euo pipefail
 -      echo {{ ad_integration_password | quote }} | realm join -U \
 -        {{ ad_integration_user | quote }} --membership-software \
 -        {{ ad_integration_membership_software | quote }} \
 -        {{ ad_integration_join_parameters }} \
 -        {{ ad_integration_join_to_dc | quote }}
 +    __ad_integration_join_command: >-
 +      realm join -U {{ ad_integration_user | quote }} --membership-software
 +      {{ ad_integration_membership_software | quote }}
 +      {{ ad_integration_join_parameters }}
 +      {{ ad_integration_join_to_dc | quote }}
 +    __ad_integration_debug_command: >-
 +      realm join -U {{ ad_integration_user | quote }} --membership-software
 +      {{ ad_integration_membership_software | quote }}
 +      {{ ad_integration_join_to_dc | quote }}
   no_log: true
 -  when:
 -    - ad_integration_join_to_dc is not none
 +  when: ad_integration_join_to_dc is not none
 - name: Build Join Command - Perform discovery-based realm join operation
   set_fact:
 -    __ad_integration_join_command: |
 -      set -euo pipefail
 -      echo {{ ad_integration_password | quote }} | realm join -U \
 -        {{ ad_integration_user | quote }} --membership-software \
 -        {{ ad_integration_membership_software | quote }} \
 -        {{ ad_integration_join_parameters }} \
 -        {{ ad_integration_realm | quote }}
 +    __ad_integration_join_command: >-
 +      realm join -U {{ ad_integration_user | quote }} --membership-software
 +      {{ ad_integration_membership_software | quote }}
 +      {{ ad_integration_join_parameters }}
 +      {{ ad_integration_realm | quote }}
 +    __ad_integration_debug_command: >-
 +      realm join -U {{ ad_integration_user | quote }} --membership-software
 +      {{ ad_integration_membership_software | quote }}
 +      {{ ad_integration_realm | quote }}
   no_log: true
 -  when:
 -    - ad_integration_join_to_dc is none
 +  when: ad_integration_join_to_dc is none
 - name: Show the join command for debug
   debug:
 -    msg: "Would run: '{{ __ad_integration_join_command }}'"
 +    msg:
 +      - >-
 +        Would run the following command. Note that
 +        ad_integration_join_parameters have been removed for security purposes,
 +        the role will pass them to the actual realm join command when running
 +        without check mode.
 +      - "{{ __ad_integration_debug_command }}"
   when:
     - ad_integration_join_to_dc == __ad_integration_sample_dc
       or ad_integration_realm == __ad_integration_sample_realm
       or ansible_check_mode
 - name: Run realm join command
 -  # noqa command-instead-of-shell
 -  shell: "{{ __ad_integration_join_command }}"
 +  command: "{{ __ad_integration_join_command }}"
 +  args:
 +    stdin: "{{ ad_integration_password }}"
   no_log: true
   when:
     - ad_integration_join_to_dc != __ad_integration_sample_dc
 -- 
 2.41.0
--- a/SOURCES/CHANGELOG.md
+++ b/SOURCES/CHANGELOG.md
@ -1,5 +1,105 @@
 Changelog
 =========
 [1.88.9] - 2024-09-13
 ### New Features
 - [bootloader - bootloader role tests do not work on ostree](https://issues.redhat.com/browse/RHEL-26714)
 - [gfs2 - add gfs2 system role](https://issues.redhat.com/browse/RHEL-34214)
 - [ha_cluster - [RFE] rhel_system_roles.ha_cluster - Utilization Support](https://issues.redhat.com/browse/RHEL-33532)
 - [ha_cluster - [RFE] ha_cluster_node_options allows per-node addresses and SBD options to be set](https://issues.redhat.com/browse/RHEL-30111)
 - [ha_cluster - [RFE] make it easier to install cloud agents](https://issues.redhat.com/browse/RHEL-27186)
 - [ha_cluster - [RFE] rhel_system_roles.ha_cluster - ACL Support](https://issues.redhat.com/browse/RHEL-17271)
 - [ha_cluster - alerts support](https://issues.redhat.com/browse/RHEL-49596)
 - [journald - feat: Add options for rate limit interval and burst](https://issues.redhat.com/browse/RHEL-30170)
 - [logging - RFE - system-roles - logging: Add truncate options for local file inputs](https://issues.redhat.com/browse/RHEL-46590)
 - [logging - redhat.rhel_system_roles.logging role fails to process logging_outputs: of type: "custom"](https://issues.redhat.com/browse/RHEL-40273)
 - [logging - [RFE] Add the umask settings or enable a variable in linux-system-roles.logging](https://issues.redhat.com/browse/RHEL-34935)
 - [nbde_client - feat: Allow initrd configuration to be skipped](https://issues.redhat.com/browse/RHEL-45717)
 - [network - support route src parameter](https://issues.redhat.com/browse/RHEL-3252)
 - [podman - feat: manage TLS cert/key files for registry connections and validate certs](https://issues.redhat.com/browse/RHEL-33547)
 - [podman - podman role should support default credentials and per-unit credentials](https://issues.redhat.com/browse/RHEL-30185)
 - [podman - podman role should support containers-auth.json](https://issues.redhat.com/browse/RHEL-30183)
 - [postfix - feat: Added postfix_files feature as a simple means to add extra files/maps to config](https://issues.redhat.com/browse/RHEL-46854)
 - [snapshot - feat: rewrite snapshot.py as an Ansible module / add support for thin origins](https://issues.redhat.com/browse/RHEL-48227)
 - [ssh - feat: Add new configuration options and remove false positives in the test](https://issues.redhat.com/browse/RHEL-40180)
 - [storage - [RFE] manage stratis](https://issues.redhat.com/browse/RHEL-31854)
 - [storage - [RHEL9][RFE] resize LVM PVs](https://issues.redhat.com/browse/RHEL-14862)
 - [storage - Fingerprint storage RHEL System Role managed config files](https://issues.redhat.com/browse/RHEL-30888)
 - [sudo - Add sudo system role](https://issues.redhat.com/browse/RHEL-37549)
 ### Bug Fixes
 - [ - package rhel-system-roles.noarch does not provide docs for ansible-doc](https://issues.redhat.com/browse/RHEL-18075)
 - [ad_integration - fix: Sets domain name lower case in realmd.conf section header](https://issues.redhat.com/browse/RHEL-28658)
 - [bootloader - fix: Set user.cfg path to /boot/grub2/ on EL 9 UEFI](https://issues.redhat.com/browse/RHEL-39996)
 - [cockpit - cockpit install all wildcard match does not work in newer el9](https://issues.redhat.com/browse/RHEL-41090)
 - [ha_cluster - Fix inconsistent approach for multiple `attributes.attrs` in `ha_cluster_node_options`](https://issues.redhat.com/browse/RHEL-33076)
 - [ha_cluster - Fixes for new pcs and ansible](https://issues.redhat.com/browse/RHEL-55295)
 - [kernel_settings - fix: Use tuned files instead of using it as a module](https://issues.redhat.com/browse/RHEL-53896)
 - [logging - Setup imuxsock using rhel-system-roles.logging causing an error](https://issues.redhat.com/browse/RHEL-35561)
 - [network - Fix testing Failures due to connection.autoconnect-ports Unknown Property](https://issues.redhat.com/browse/RHEL-32872)
 - [network - Make sure that the network role CI is solid robust](https://issues.redhat.com/browse/RHEL-25264)
 - [podman - fix: proper cleanup for networks; ensure cleanup of resources](https://issues.redhat.com/browse/RHEL-50102)
 - [podman - fix: grab name of network to remove from quadlet file](https://issues.redhat.com/browse/RHEL-40761)
 - [podman - Create podman secret when skip_existing=True and it does not exist](https://issues.redhat.com/browse/RHEL-39438)
 - [podman - fix: do not use become for changing hostdir ownership, and expose subuid/subgid info](https://issues.redhat.com/browse/RHEL-32464)
 - [podman - fix: use correct user for cancel linger file name](https://issues.redhat.com/browse/RHEL-32382)
 - [podman - fails to configure and run containers with podman rootless using different username and groupname](https://issues.redhat.com/browse/RHEL-56626)
 - [rhc - fix: drop usage of "auto_attach" of the "redhat_subscription" module](https://issues.redhat.com/browse/RHEL-53902)
 - [sshd - second SSHD service broken](https://issues.redhat.com/browse/RHEL-29309)
 - [storage - [RHEL8 ] var unused_disks get different sector size disks   ](https://issues.redhat.com/browse/RHEL-25994)
 - [storage - rhel-system-role.storage is not idempotent](https://issues.redhat.com/browse/RHEL-25777)
 [1.23.0] - 2024-01-15
 ----------------------------
 ### New Features
 - [Use .README.html in spec instead of generating it](https://issues.redhat.com/browse/RHEL-5346)
 - [RHEL for Edge support in system roles](https://issues.redhat.com/browse/RHEL-3253)
 - [ad_integration - feat: Add sssd custom settings](https://issues.redhat.com/browse/RHEL-17668)
 - [ad_integration - Enable AD dynamic DNS updates](https://issues.redhat.com/browse/RHEL-1118)
 - [ad_integration - feat: add ad_integration_preserve_authselect_profile](https://issues.redhat.com/browse/RHEL-21382)
 - [ad_integration - feat: Add SSSD parameters support](https://issues.redhat.com/browse/RHEL-21133)
 - [bootloader - Create bootloader role (MVP)](https://issues.redhat.com/browse/RHEL-16336)
 - [fapolicyd - feat: Import code for fapolicyd system role](https://issues.redhat.com/browse/RHEL-16541)
 - [ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository](https://issues.redhat.com/browse/RHEL-15910)
 - [ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options](https://issues.redhat.com/browse/RHEL-15908)
 - [ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology](https://issues.redhat.com/browse/RHEL-15876)
 - [ha_cluster - Setting cluster members attributes](https://issues.redhat.com/browse/RHEL-22106)
 - [journald - feat: Add support for ForwardToSyslog](https://issues.redhat.com/browse/RHEL-21117)
 - [logging - feat: Add support for the global config option preserveFQDN](https://issues.redhat.com/browse/RHEL-15932)
 - [logging - feat: Add support for general queue and general action parameters](https://issues.redhat.com/browse/RHEL-15439)
 - [metrics - [RFE] Metrics system role support for configuring PMIE webhooks](https://issues.redhat.com/browse/RHEL-13760)
 - [network - Add blackhole type route](https://issues.redhat.com/browse/RHEL-19579)
 - [postgresql - feat: Enable support for Postgresql 16](https://issues.redhat.com/browse/RHEL-18962)
 - [rhc - support RHEL 7 managed nodes](https://issues.redhat.com/browse/RHEL-16976)
 - [rhc - new rhc_insights.ansible_host parameter](https://issues.redhat.com/browse/RHEL-16974)
 - [rhc - new rhc_insights.display_name parameter](https://issues.redhat.com/browse/RHEL-16964)
 - [snapshot - New Role for storage snapshot management (lvm, etc.)](https://issues.redhat.com/browse/RHEL-16552)
 - [sshd - ansible-sshd Manage SSH certificates](https://issues.redhat.com/browse/RHEL-5972)
 - [storage - feat: Support for creating volumes without a FS](https://issues.redhat.com/browse/RHEL-16212)
 - [storage - Basic support for creating shared logical volumes](https://issues.redhat.com/browse/RHEL-1535)
 ### Bug Fixes
 - [ha_cluster - high-availability firewall service is not added on qdevice node](https://issues.redhat.com/browse/RHEL-17875)
 - [ha_cluster - Timeout issue between SBD with delay-start and systemd unit](https://issues.redhat.com/browse/RHEL-18026)
 - [kdump - fix: retry read of kexec_crash_size](https://issues.redhat.com/browse/RHEL-3353)
 - [keylime_server - won't detect registrar start failure](https://issues.redhat.com/browse/RHEL-15909)
 - [logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size](https://issues.redhat.com/browse/RHEL-15037)
 - [logging - fix: avoid conf of RatelimitBurst when RatelimitInterval is zero](https://issues.redhat.com/browse/RHEL-19046)
 - [nbde_server - fix: Allow tangd socket override directory to be managed outside of the role](https://issues.redhat.com/browse/RHEL-25508)
 - [network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"](https://issues.redhat.com/browse/RHEL-1683)
 - [podman - fix: add no_log: true for tasks that can log secret data](https://issues.redhat.com/browse/RHEL-19241)
 - [podman - fix: cast secret data to string in order to allow JSON valued strings](https://issues.redhat.com/browse/RHEL-22309)
 - [podman - fix: name of volume quadlet service should be basename-volume.service](https://issues.redhat.com/browse/RHEL-21401)
 - [podman - fix: user linger needed before secrets](https://issues.redhat.com/browse/RHEL-22228)
 - [postgresql - unable to install PostgreSQL version 15 on RHEL](https://issues.redhat.com/browse/RHEL-5274)
 - [selinux - fix: Use `ignore_selinux_state` module option](https://issues.redhat.com/browse/RHEL-15870)
 - [selinux - fix: Print an error message when module to be created doesn't exist](https://issues.redhat.com/browse/RHEL-19043)
 - [selinux - fix: no longer use "item" as a loop variable](https://issues.redhat.com/browse/RHEL-19040)
 [1.22.0] - 2023-08-15
 ----------------------------
--- a/SOURCES/extrasources.inc
+++ b/SOURCES/extrasources.inc
@ -1,10 +1,10 @@
 Source801: https://galaxy.ansible.com/download/ansible-posix-1.5.4.tar.gz
-Source901: https://galaxy.ansible.com/download/community-general-7.3.0.tar.gz
+Source901: https://galaxy.ansible.com/download/community-general-9.3.0.tar.gz
-Source902: https://galaxy.ansible.com/download/containers-podman-1.10.3.tar.gz
+Source902: https://galaxy.ansible.com/download/containers-podman-1.15.4.tar.gz
 Provides: bundled(ansible-collection(ansible.posix)) = 1.5.4
-Provides: bundled(ansible-collection(community.general)) = 7.3.0
+Provides: bundled(ansible-collection(community.general)) = 9.3.0
-Provides: bundled(ansible-collection(containers.podman)) = 1.10.3
+Provides: bundled(ansible-collection(containers.podman)) = 1.15.4
 Source996: CHANGELOG.rst
 Source998: collection_readme.sh
--- a/SOURCES/vendoring-build.inc
+++ b/SOURCES/vendoring-build.inc
@ -1,104 +1,152 @@
-# Unpack tar.gz to retrieve to be vendored modules and place them in the roles library.
+# maps the source file to the roles that use that file
-# ansible.posix:
+# value can be string or space delimited list of strings
-#   - library:
+# role name `__collection` means - do not vendor into
-#     - Module selinux and seboolean for the selinux role
+# role, just vendor directly into the collection
-#     - Module mount for the storage role
+declare -A plugin_map=(
-declare -A module_map=( ["selinux.py"]="selinux" ["seboolean.py"]="selinux" ["mount.py"]="storage" )
+  [ansible/posix/plugins/modules/selinux.py]=selinux
-for module in "${!module_map[@]}"; do
+  [ansible/posix/plugins/modules/seboolean.py]=selinux
-  role="${module_map[${module}]}"
+  [ansible/posix/plugins/modules/mount.py]=storage
-  if [ ! -d $role/library ]; then
+  [ansible/posix/plugins/modules/rhel_facts.py]=__collection
-    mkdir $role/library
+  [ansible/posix/plugins/modules/rhel_rpm_ostree.py]=__collection
-  fi
+  [ansible/posix/plugins/module_utils/mount.py]=storage
-  cp -pL .external/ansible/posix/plugins/modules/$module $role/library/$module
+  [community/general/plugins/modules/ini_file.py]="tlog ad_integration"
-  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' -e "s/ansible_collections.ansible.posix.plugins.module_utils/ansible.module_utils.${role}_lsr/" $role/library/$module
+  [community/general/plugins/modules/modprobe.py]=ha_cluster
-done
+  [community/general/plugins/modules/redhat_subscription.py]=rhc
  [community/general/plugins/modules/rhsm_release.py]=rhc
  [community/general/plugins/modules/rhsm_repository.py]=rhc
  [community/general/plugins/modules/seport.py]=selinux
  [community/general/plugins/modules/sefcontext.py]=selinux
  [community/general/plugins/modules/selogin.py]=selinux
  [containers/podman/plugins/modules/podman_container_info.py]=podman
  [containers/podman/plugins/modules/podman_image.py]=podman
  [containers/podman/plugins/modules/podman_play.py]=podman
  [containers/podman/plugins/modules/podman_secret.py]=podman
  [containers/podman/plugins/module_utils/podman/common.py]=podman
  [containers/podman/plugins/module_utils/podman/quadlet.py]=podman
 )
 # fix the following issue
 # ERROR: Found 1 pylint issue(s) which need to be resolved:
 # ERROR: plugins/modules/rhsm_repository.py:263:8: wrong-collection-deprecated: Wrong collection name ('community.general') found in call to Display.deprecated or AnsibleModule.deprecate
 sed "s/collection_name='community.general'/collection_name='%{collection_namespace}.%{collection_name}'/" \
  -i .external/community/general/plugins/modules/rhsm_repository.py
-# ansible.posix:
+fix_module_documentation() {
-#   - module_utils:
+  local module_src doc_fragment_name df_dest_dir
-#     - Module_util mount for the storage role
+  local -a paths
-module_map=( ["mount.py"]="storage" )
+  module_src=".external/$1"
-for module in "${!module_map[@]}"; do
+  sed ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- "WARNING: Do not use this plugin directly! It is only for role internal use."\n\1/' \
-  role="${module_map[${module}]}"
+    -i "$module_src"
-  if [ ! -d $role/module_utils/${role}_lsr ]; then
+  # grab documentation fragments
-    mkdir -p $role/module_utils/${role}_lsr
+  for doc_fragment_name in $(awk -F'[ -]+' '/^extends_documentation_fragment:/ {reading = 1; next}; /^[ -]/ {if (reading) {print $2}; next}; /^[^ -]/ {if (reading) {exit}}' "$module_src"); do
    if [ "$doc_fragment_name" = files ]; then continue; fi  # this one is built-in
    df_dest_dir="%{collection_build_path}/plugins/doc_fragments"
    if [ ! -d "$df_dest_dir" ]; then
      mkdir -p "$df_dest_dir"
    fi
-  cp -pL .external/ansible/posix/plugins/module_utils/$module $role/module_utils/${role}_lsr/$module
+    paths=(${doc_fragment_name//./ })
    # if we ever have two different collections that have the same doc_fragment name
    # with different contents, we will be in trouble . . .
    # will have to make the doc fragment files unique, then edit $dest to use
    # the unique name
    cp ".external/${paths[0]}/${paths[1]}/plugins/doc_fragments/${paths[2]}.py" "$df_dest_dir"
  done
 }
-# community.general:
+declare -a modules mod_utils collection_plugins
-#   - library:
+declare -A dests
-#     - Module seport, sefcontext and selogin for the selinux role rolename2
+# vendor in plugin files - fix documentation, fragments
-#     - Module ini_file for role tlog
+for src in "${!plugin_map[@]}"; do
-#     - rhc modules
+  roles="${plugin_map["$src"]}"
-#     - ha_cluster uses modprobe
+  if [ "$roles" = __collection ]; then
-module_map=( ["seport.py"]="selinux" ["sefcontext.py"]="selinux" ["selogin.py"]="selinux" ["ini_file.py"]="tlog"
+    collection_plugins+=("$src")
-  ["redhat_subscription.py"]="rhc" ["rhsm_release.py"]="rhc" ["rhsm_repository.py"]="rhc"
+    case "$src" in
-  ["modprobe.py"]="ha_cluster" )
+    */plugins/modules/*) fix_module_documentation "$src";;
-for module in "${!module_map[@]}"; do
+    esac
-  role="${module_map[${module}]}"
+  else
-  if [ ! -d $role/library ]; then
+    case "$src" in
-    mkdir $role/library
+    */plugins/modules/*) srcdir=plugins/modules; subdir=library; modules+=("$src"); fix_module_documentation "$src";;
    */plugins/module_utils/*) srcdir=plugins/module_utils; mod_utils+=("$src") ;;
    */plugins/action/*) srcdir=plugins/action ;;
    esac
  fi
-  # version 5.x seems to be broken?
+  for role in $roles; do
-  moduledir=.external/community/general/plugins/modules
+    if [ "$role" = __collection ]; then
-  if [ ! -f $moduledir/$module ]; then
+      dest="%{collection_build_path}/plugins${src/#*plugins/}"
-    moduledir=.external/community/general/plugins/modules/system
+      dests["$dest"]=__collection
    else
      case "$src" in
      */plugins/module_utils/*) subdir="module_utils/${role}_lsr" ;;
      esac
      dest="$role/${src/#*${srcdir}/${subdir}}"
      dests["$dest"]="$role"
    fi
-  if [ ! -f $moduledir/$module ]; then
+    destdir="$(dirname "$dest")"
-    moduledir=.external/community/general/plugins/modules/files
+    if [ ! -d "$destdir" ]; then
      mkdir -p "$destdir"
    fi
-  cp -pL $moduledir/$module $role/library/$module
+    cp -pL ".external/$src" "$dest"
  ls -alrtF $role/library/$module
  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' $role/library/$module
  # Remove doc_fragments
  sed -i '/^extends_documentation_fragment:/,/^[^ -]/{/^extends/d;/^[ -]/d}' $role/library/$module
  done
 # containers.podman:
 #   - library:
 #     - Module podman_container_info, podman_image and podman_play for the podman role
 module_map=( ["podman_container_info.py"]="podman" ["podman_image.py"]="podman" ["podman_play.py"]="podman"
  ["podman_secret.py"]="podman" )
 for module in "${!module_map[@]}"; do
  role="${module_map[${module}]}"
  if [ ! -d $role/library ]; then
    mkdir $role/library
  fi
  moduledir=.external/containers/podman/plugins/modules
  cp -pL $moduledir/$module $role/library/$module
  ls -alrtF $role/library/$module
  sed -i -e ':a;N;$!ba;s/description:\n\( *\)/description:\n\1- WARNING: Do not use this module directly! It is only for role internal use.\n\1/' \
    -e "s/ansible_collections.containers.podman.plugins.module_utils.podman/ansible.module_utils.${role}_lsr/" \
    $role/library/$module
 done
 # containers.podman:
 #   - module_utils:
 #     - Module_util common for the podman role
 module_map=( ["common.py"]="podman" )
 for module in "${!module_map[@]}"; do
  role="${module_map[${module}]}"
  if [ ! -d $role/module_utils/${role}_lsr ]; then
    mkdir -p $role/module_utils/${role}_lsr
  fi
  cp -pL .external/containers/podman/plugins/module_utils/podman/$module $role/module_utils/${role}_lsr/$module
 done
 # remove the temporary .external directory after vendoring
 rm -rf .external
 # fix python imports to point from the old name to the new name
 for dest in "${!dests[@]}"; do
  role="${dests["$dest"]}"
  for module in "${modules[@]}"; do
    python_name="$(dirname "$module")"
    python_name="${python_name////[.]}"
    sed -e "s/ansible_collections[.]${python_name}[.]/ansible.modules./" -i "$dest"
  done
  for mod_util in "${mod_utils[@]}"; do
    # some mod_utils have subdirs, some do not
    split=(${mod_util//// })
    python_name="ansible_collections[.]${split[0]}[.]${split[1]}[.]plugins[.]module_utils[.]"
    sed -e "s/${python_name}/ansible.module_utils.${role}_lsr./" -i "$dest"
  done
  for plugin in "${collection_plugins[@]}"; do
    python_name="$(dirname "$plugin")"
    dest_python_name="%{collection_namespace}/%{collection_name}/plugins${python_name/#*plugins/}"
    src_python_name="ansible_collections.${python_name////[.]}"
    dest_python_name="ansible_collections.${dest_python_name////.}"
    sed -e "s/${src_python_name}/${dest_python_name}/" -i "$dest"
  done
 done
 # Replacing "linux-system-roles.rolename" with "rhel-system-roles.rolename" in each role
 # Replacing "fedora.linux_system_roles." with "redhat.rhel_system_roles" in each role
 # This is for the "roles calling other roles" case
 # for podman, change the FQCN - using a non-FQCN module name doesn't seem to work,
 # even for the legacy role format
 # replace community.general for rhc
 for rolename in %{rolenames}; do
-    find $rolename -type f -exec \
+  find "$rolename" -type f -exec \
    sed -e "s/linux-system-roles[.]${rolename}\\>/%{roleinstprefix}${rolename}/g" \
        -e "s/fedora[.]linux_system_roles[.]/%{collection_namespace}.%{collection_name}./g" \
        -e "s/containers[.]podman[.]/%{collection_namespace}.%{collection_name}./g" \
        -e "s/community[.]general[.]/%{collection_namespace}.%{collection_name}./g" \
        -e "s/ansible[.]posix[.]/%{collection_namespace}.%{collection_name}./g" \
        -i {} \;
 done
 # add ansible-test ignores needed due to vendoring
 for ansible_ver in 2.14 2.15 2.16; do
  ignore_file="podman/.sanity-ansible-ignore-${ansible_ver}.txt"
  cat >> "$ignore_file" <<EOF
 plugins/module_utils/podman_lsr/podman/quadlet.py compile-2.7!skip
 plugins/module_utils/podman_lsr/podman/quadlet.py import-2.7!skip
 plugins/modules/podman_image.py import-2.7!skip
 plugins/modules/podman_play.py import-2.7!skip
 EOF
 done
 # these platforms still use python 3.5
 for ansible_ver in 2.14 2.15; do
  ignore_file="podman/.sanity-ansible-ignore-${ansible_ver}.txt"
  cat >> "$ignore_file" <<EOF
 plugins/module_utils/podman_lsr/podman/quadlet.py compile-3.5!skip
 plugins/module_utils/podman_lsr/podman/quadlet.py import-3.5!skip
 plugins/modules/podman_image.py import-3.5!skip
 plugins/modules/podman_play.py import-3.5!skip
 EOF
 done
--- a/SPECS/linux-system-roles.spec
+++ b/SPECS/linux-system-roles.spec
@ -11,13 +11,10 @@ BuildRequires: ansible-core >= 2.11.0
 %bcond_with collection_artifact
-%if 0%{?fedora} || 0%{?rhel} >= 8
+# This is to avoid ansible-test errors like
-%bcond_without html
+# ERROR: lsr_role2coll_extra_script-vpn:1:1: unexpected non-module shebang: b'#!/usr/bin/bash'
-%else
+# we use /usr/bin/env bash in all of our scripts - we don't want rpm to fix them
-# pandoc is not supported in rhel 7 and older,
+%undefine __brp_mangle_shebangs
 # which is needed for converting .md to .html.
 %bcond_with html
 %endif
 %if 0%{?rhel}
 Name: rhel-system-roles
@ -26,8 +23,8 @@ Name: linux-system-roles
 %endif
 Url: https://github.com/linux-system-roles
 Summary: Set of interfaces for unified system management
-Version: 1.22.0
+Version: 1.88.9
-Release: 2%{?dist}
+Release: 0.1%{?dist}
 License: GPLv3+ and MIT and BSD and Python
 %global _pkglicensedir %{_licensedir}/%{name}
@ -41,6 +38,9 @@ License: GPLv3+ and MIT and BSD and Python
 %endif
 %global collection_version %{version}
 # this is where we stage the collection files for building
 %global collection_dest_path .collections
 %global collection_build_path %{collection_dest_path}/ansible_collections/%{collection_namespace}/%{collection_name}
 # be compatible with the usual Fedora Provides:
 Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{collection_version}-%{release}
@ -86,92 +86,107 @@ Requires: (ansible-core >= 2.11.0 or ansible >= 2.9.0)
 %%global rolestodir %%{?rolestodir} %%{roletodir%{1}}
 }
-%global mainid e010c878833e363195dd707d1334ff48a254b092
+%global mainid 1.88.9
 Source: %{url}/auto-maintenance/archive/%{mainid}/auto-maintenance-%{mainid}.tar.gz
 # BEGIN AUTOGENERATED SOURCES
 %global rolename1 postfix
-%deftag 1 1.3.8
+%deftag 1 1.5.1
 %global rolename2 selinux
-%deftag 2 1.6.1
+%deftag 2 1.8.0
 %global rolename3 timesync
-%deftag 3 1.7.6
+%deftag 3 1.9.0
 %global rolename4 kdump
-%deftag 4 1.3.6
+%deftag 4 1.4.7
 %global rolename5 network
-%deftag 5 1.13.1
+%deftag 5 1.16.4
 %global rolename6 storage
-%deftag 6 1.12.3
+%deftag 6 1.18.7
 %global rolename7 metrics
-%deftag 7 1.8.6
+%deftag 7 1.10.6
 %global rolename8 tlog
-%deftag 8 1.2.16
+%deftag 8 1.3.6
 %global rolename9 kernel_settings
-%deftag 9 1.1.17
+%deftag 9 1.3.2
 %global rolename10 logging
-%deftag 10 1.11.9
+%deftag 10 1.13.4
 %global rolename11 nbde_server
-%deftag 11 1.3.8
+%deftag 11 1.4.7
 %global rolename12 nbde_client
-%deftag 12 1.2.14
+%deftag 12 1.3.0
 %global rolename13 certificate
-%deftag 13 1.2.1
+%deftag 13 1.3.6
 %global rolename14 crypto_policies
-%deftag 14 1.2.11
+%deftag 14 1.4.0
 %global forgeorg15 https://github.com/willshersystems
 %global repo15 ansible-sshd
 %global rolename15 sshd
-%deftag 15 v0.19.0
+%deftag 15 v0.25.0
 %global rolename16 ssh
-%deftag 16 1.2.1
+%deftag 16 1.5.0
 %global rolename17 ha_cluster
-%deftag 17 1.10.0
+%deftag 17 1.19.2
 %global rolename18 vpn
-%deftag 18 1.5.8
+%deftag 18 1.6.6
 %global rolename19 firewall
-%deftag 19 1.6.3
+%deftag 19 1.8.0
 %global rolename20 cockpit
-%deftag 20 1.4.7
+%deftag 20 1.5.10
 %global rolename21 podman
-%deftag 21 1.3.2
+%deftag 21 1.6.4
 %global rolename22 ad_integration
-%deftag 22 1.1.3
+%deftag 22 1.4.6
 %global rolename23 rhc
-%deftag 23 1.2.4
+%deftag 23 1.6.6
 %global rolename24 journald
-%deftag 24 1.0.5
+%deftag 24 1.3.3
 %global rolename25 postgresql
-%deftag 25 1.1.0
+%deftag 25 1.3.8
 %global rolename26 systemd
-%deftag 26 1.0.1
+%deftag 26 1.2.0
 %global rolename27 keylime_server
-%deftag 27 1.0.0
+%deftag 27 1.1.5
 %global rolename28 fapolicyd
 %deftag 28 1.1.7
 %global rolename29 bootloader
 %deftag 29 1.0.7
 %global rolename30 snapshot
 %deftag 30 1.4.1
 %global rolename31 gfs2
 %deftag 31 1.0.0
 %global rolename32 sudo
 %deftag 32 1.1.0
 Source1: %{archiveurl1}
 Source2: %{archiveurl2}
@ -200,6 +215,11 @@ Source24: %{archiveurl24}
 Source25: %{archiveurl25}
 Source26: %{archiveurl26}
 Source27: %{archiveurl27}
 Source28: %{archiveurl28}
 Source29: %{archiveurl29}
 Source30: %{archiveurl30}
 Source31: %{archiveurl31}
 Source32: %{archiveurl32}
 # END AUTOGENERATED SOURCES
 # Includes with definitions/tags that differ between RHEL and Fedora
@ -217,21 +237,8 @@ Source1004: vendoring-build.inc
 Source995: CHANGELOG.md
 Patch2201: 0001-fix-use-command-stdin-for-password-and-do-not-log-pa.patch
 BuildArch: noarch
 %if %{with html}
 # Requirements for md2html.sh to build the documentation
 %if 0%{?fedora} || 0%{?rhel} >= 9
 BuildRequires: rubygem-kramdown-parser-gfm
 %else
 BuildRequires: pandoc
 BuildRequires: asciidoc
 BuildRequires: highlight
 %endif
 %endif
 # Requirements for galaxy_transform.py
 BuildRequires: python3
 BuildRequires: python%{python3_pkgversion}-ruamel-yaml
@ -278,7 +285,7 @@ end
 %prep
 # BEGIN AUTOGENERATED SETUP
-%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -a21 -a22 -a23 -a24 -a25 -a26 -a27 -n %{getarchivedir 0}
+%setup -q -a1 -a2 -a3 -a4 -a5 -a6 -a7 -a8 -a9 -a10 -a11 -a12 -a13 -a14 -a15 -a16 -a17 -a18 -a19 -a20 -a21 -a22 -a23 -a24 -a25 -a26 -a27 -a28 -a29 -a30 -a31 -a32 -n %{getarchivedir 0}
 # END AUTOGENERATED SETUP
 # vendoring prep steps, if any
@ -297,6 +304,8 @@ for rolename in %{rolenames}; do
        fi
    fi
    mv "$dir_from_archive" ${rolename}
    # Move a hidden .README.html to a not hidden README.html
    mv $rolename/.README.html $rolename/README.html
 done
 %if 0%{?rhel}
@ -314,7 +323,7 @@ find -P tests examples -name \*.yml | while read file; do
     -e "s/ansible-sshd/linux-system-roles.sshd/" \
     -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" "$file"
 done
-sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md
+sed -r -i -e "s/ willshersystems.sshd/ linux-system-roles.sshd/" README.md README.html
 sed -r -i -e 's/min_ansible_version: 2.8/min_ansible_version: "2.9"/' meta/main.yml
 cd ..
@ -331,10 +340,6 @@ if [ "$rolesdir" != "$realrolesdir" ]; then
 fi
 cd ..
 cd %{rolename22}
 %patch2201 -p1
 cd ..
 # vendoring build steps, if any
 %include %{SOURCE1004}
@ -355,45 +360,55 @@ rm %{rolename5}/tests/playbooks/roles
 # when python2 is default python.
 rm %{rolename5}/scripts/print_all_options.py
 rm %{rolename5}/tests/ensure_provider_tests.py
 # Drop storage tests/scripts
 rm -rf %{rolename6}/tests/scripts
 # fix system_roles fingerprint in "external" roles
 python3 lsr_fingerprint.py
 # transform ambiguous #!/usr/bin/env python shebangs to python3 to stop brp-mangle-shebangs complaining
 find -type f -executable -name '*.py' -exec \
     sed -i -r -e '1s@^(#! */usr/bin/env python)(\s|$)@#\13\2@' '{}' +
 %build
 # remove upstream-only documentation - for example, documentation
 # about collection dependencies is not needed in Fedora and EL RPMs
 # since the dependencies are already provided
-sed -e '/^## Requirements/,/^#/s/^See below$/None/' \
+sed -e '/# Requirements/,/^#/s/^See below$/None/' \
-    -e '/^### Collection requirements/,/^#/ {/^### Collection/d;/^#/!d}' \
+    -e '/# Collection requirements/,/^#/ {/# Collection requirements/d;/^#/!d}' \
    -i */README.md
 sed -e '/id="requirements">Requirements<\/h/,/^<h/s/See below/None/' \
    -e '/id="collection-requirements">/,/^<h/ {/id="collection-requirements">/d;/^<h/!d}' \
    -i */README.html
 for role in %{rolenames}; do
    # awk: Remove collection-requirements from README.html TOC
    # 1. If match found, add the line and -2,+1 lines' line number in an array "d".
    # 2. Save all lines in an array with line number as index
    # 3. Print only those index not in array "d"
    awk '/id="toc-collection-requirements">/{for(x=NR-2;x<=NR+1;x++)d[x];} \
        {a[NR]=$0} \
        END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \
        $role/README.html > $role/README.html.tmp
    mv $role/README.html.tmp $role/README.html
 done
 # sshd README is not in the same format
-sed -e '/^### Optional requirements/,/^Role variables/ {/^### Optional/d;/^Role variables/!d}' \
+sed -e '/# Optional requirements/,/# Role variables/ {/# Optional/d;/# Role variables/!d}' \
    -i sshd/README.md
 sed -e '/id="optional-requirements">/,/^<h/ {/id="optional-requirements">/d;/^<h/!d}' \
    -i sshd/README.html
 # Remove optional-requirements from README.html TOC
 awk '/id="toc-optional-requirements">/{for(x=NR-2;x<=NR+1;x++)d[x];} \
    {a[NR]=$0} \
    END{for(i=1;i<=NR;i++)if(!(i in d))print a[i]}' \
    sshd/README.html > sshd/README.html.tml
 mv sshd/README.html.tml sshd/README.html
 %if %{with html}
 # HACK HACK HACK
 # pandoc/asciidoc on rhel 8.9 does not like the journald README badge links
 # remove all of the badge links from all README.md files
 # in the first 14 lines of the file, remove any line that looks like a
 # github action badge
 # HACK HACK HACK
 readmes=""
 matchstr="actions/workflows/"
 for role in %{rolenames}; do
    # in the first 14 lines of README.md, remove any line that looks like a
    # github action badge. README.html doesn't have these lines.
    sed -e "1,14 {\\,${matchstr},d; /\!\[/d}" -i $role/README.md
    readmes="${readmes} $role/README.md"
 done
 sh md2html.sh $readmes
 %endif
-mkdir .collections
+if [ ! -d %{collection_dest_path} ]; then
  mkdir %{collection_dest_path}
 fi
 %if 0%{?rhel}
 # Convert the upstream collection readme to the downstream one
 %{SOURCE998} lsr_role2collection/collection_readme.md
@ -402,7 +417,7 @@ mkdir .collections
                      "https://linux-system-roles.github.io" \
                      "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/administration_and_configuration_tasks_using_system_roles_in_rhel" \
                      "https://access.redhat.com/articles/3050101" \
-                      "https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&component=rhel-system-roles" \
+                      "https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&summary=Your%20request%20summary&issuetype=1&priority=10200&labels=Partner-Feature-Request&components=12380283" \
                      > galaxy.yml.tmp
 # we vendor-in all of the dependencies on rhel, so remove them
 rm -f lsr_role2collection/collection_requirements.txt
@ -431,38 +446,43 @@ extra_mapping="--extra-mapping fedora.linux_system_roles:%{collection_namespace}
 extra_mapping=""
 %endif
 LANG=C.utf-8 LC_ALL=C.utf-8 %{python3} release_collection.py --galaxy-yml galaxy.yml \
-    --src-path $(pwd) --dest-path $(pwd)/.collections $includes --force --no-update \
+    --src-path $(pwd) --dest-path $(pwd)/%{collection_dest_path} $includes --keep --no-update \
    --src-owner %{name} --skip-git --skip-check --skip-changelog $extra_mapping --debug
 # Remove table of contents from logging README.md
 # It is not needed for html and AH/Galaxy
 sed -i -e 's/^\(## Table of Contents\)/## Background\n\1/' \
  .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md
 sed -i -e '/^## Table of Contents/,/^## Background/d' \
  .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/logging/README.md
 # Remove internal links from readme files
 # They are not rendered properly on AH.
 for role in %{rolenames}; do
    sed -r -i -e 's/\[([^[]+)\]\(#[^)]+\)/\1/g' \
-    .collections/ansible_collections/%{collection_namespace}/%{collection_name}/roles/$role/README.md
+    %{collection_build_path}/roles/$role/README.md
 done
 # we have removed some files - ensure that the ignore files refer only to
 # existing files
 for ignore_file in %{collection_build_path}/tests/sanity/ignore-*.txt; do
  cp "$ignore_file" "$ignore_file.tmp"
  while read -r file rest; do
    if [ ! -f "%{collection_build_path}/$file" ]; then
      sed "\,^${file} ,d" -i "$ignore_file"
    fi
  done < "$ignore_file.tmp"
  rm "$ignore_file.tmp"
 done
 # Remove test only collection dependencies
 # NOTE: These should not be in meta/collection-requirements.yml, they should be
 # in tests/collection-requirements.yml, but they can't be moved yet
 sed -i -e '/community[.]mysql:/d' -e '/community[.]postgresql:/d' \
-  .collections/ansible_collections/%{collection_namespace}/%{collection_name}/galaxy.yml
+  %{collection_build_path}/galaxy.yml
 cp %{SOURCE995} \
-    .collections/ansible_collections/%{collection_namespace}/%{collection_name}/docs/CHANGELOG.md
+    %{collection_build_path}/docs/CHANGELOG.md
 %if 0%{?rhel}
 cp %{SOURCE996} \
-    .collections/ansible_collections/%{collection_namespace}/%{collection_name}/CHANGELOG.rst
+    %{collection_build_path}/CHANGELOG.rst
 %endif
 # Build the collection
-pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
+pushd %{collection_build_path}
 %ansible_collection_build
 popd
@ -489,10 +509,8 @@ for role in %{rolenames}; do
       "%{buildroot}%{_pkgdocdir}/$role"
    ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.md" \
       "%{buildroot}%{_pkgdocdir}/$role"
 %if %{with html}
    ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/README.html" \
       "%{buildroot}%{_pkgdocdir}/$role"
 %endif
    if [ -f "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" ]; then
        ln -sr "%{buildroot}%{ansible_roles_dir}/%{roleinstprefix}$role/COPYING" \
           "%{buildroot}%{_pkglicensedir}/$role.COPYING"
@ -532,7 +550,13 @@ done
 rm -f %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/semaphore
 rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/molecule
-rm -r %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/.[A-Za-z]*
+# remove .dot files/directories, but keep the .ostree directory
 for item in %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/.[A-Za-z]*; do
    if [ "$(basename "$item")" = .ostree ]; then
        continue
    fi
    rm -r "$item"
 done
 rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/tests/.git*
 # NOTE: sshd/examples/example-root-login.yml is
@ -540,7 +564,7 @@ rm %{buildroot}%{ansible_roles_dir}/%{roleinstprefix}*/tests/.git*
 # must be updated if changing the file path
 # Install the collection
-pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
+pushd %{collection_build_path}
 %ansible_collection_install
 popd
@ -551,7 +575,7 @@ ln -sr %{buildroot}%{ansible_collection_files}%{collection_name}/README.md \
   %{buildroot}%{_pkgdocdir}/collection
 for rolename in %{rolenames}; do
-  for file in CHANGELOG.md README.md; do
+  for file in CHANGELOG.md README.md README.html; do
    if [ -f %{buildroot}%{ansible_collection_files}%{collection_name}/roles/${rolename}/$file ]; then
      if [ ! -d %{buildroot}%{_pkgdocdir}/collection/roles/${rolename} ]; then
        mkdir -p %{buildroot}%{_pkgdocdir}/collection/roles/${rolename}
@ -562,18 +586,9 @@ for rolename in %{rolenames}; do
  done
 done
 %if %{with html}
 # converting README.md to README.html for collection in %%{buildroot}%%{_pkgdocdir}/collection
 readmes="%{buildroot}%{_pkgdocdir}/collection/README.md"
 for role in %{rolenames}; do
    readmes="${readmes} %{buildroot}%{_pkgdocdir}/collection/roles/${role}/README.md"
 done
 sh md2html.sh $readmes
 %endif
 %if %{with collection_artifact}
 # Copy collection artifact to /usr/share/ansible/collections/ for collection-artifact
-pushd .collections/ansible_collections/%{collection_namespace}/%{collection_name}/
+pushd %{collection_build_path}
 mv %{collection_namespace}-%{collection_name}-%{version}.tar.gz \
   %{buildroot}%{_datadir}/ansible/collections/
 popd
@ -672,6 +687,277 @@ find %{buildroot}%{ansible_roles_dir} -mindepth 1 -maxdepth 1 | \
 %endif
 %changelog
 * Fri Sep 13 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.9-0.1
 - Resolves: RHEL-56626 : podman - fails to configure and run containers with podman rootless using different username and groupname
 - logging - test issue with imuxsock and loginctl used by podman - restart systemd-logind to fix podman tests
 - updates collection README for new Automation Hub format
 * Wed Sep 11 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.8-0.1
 - Resolves: RHEL-56626 : podman - fails to configure and run containers with podman rootless using different username and groupname
 - podman - previous fix broke ansible 2.9 + el8 with volume cleanup
 - logging - test issue with imuxsock and journald - restart dbus-broker
 * Wed Sep  4 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.7-0.2
 - Resolves: RHEL-56626 : podman - fails to configure and run containers with podman rootless using different username and groupname
 - fapolicyd - fix method used to read from journald to determine when daemon is listening
 - storage - fix tests to use blkid instead of lsblk to get partition table
 - storage - skip stratis tests on el8
 - logging - tests_combination.yml needs fact gathering
 - same as 1.88.7-0.1 but needed to bump N-V-R and rebuild for exception
 * Wed Sep  4 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.7-0.1
 - Resolves: RHEL-56626 : podman - fails to configure and run containers with podman rootless using different username and groupname
 - fapolicyd - fix method used to read from journald to determine when daemon is listening
 - storage - fix tests to use blkid instead of lsblk to get partition table
 - storage - skip stratis tests on el8
 - logging - tests_combination.yml needs fact gathering
 * Mon Aug 26 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.4-0.1
 - Resolves: RHEL-53896 : kernel_settings - fix: Use tuned files instead of using it as a module
 - recent tuned in el9 changed the profile directory back to the old one
 - so had to change the role to detect directory
 * Thu Aug 22 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.3-0.1
 - Resolves: RHEL-34214 : gfs2 - New Role
 - no el10, aarch64 support for gfs2
 - network role docs
 * Wed Aug 21 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.2-0.1
 - Resolves: RHEL-55295 : ha_cluster - Fixes for new pcs and ansible
 - several fixes for ostree issues
 * Tue Aug 20 2024 Rich Megginson <rmeggins@redhat.com> - 1.88.0-0.1
 - Resolves: RHEL-55295 : ha_cluster - Fixes for new pcs and ansible
 - fix gather_facts issue with fapolicyd
 - fix gather_facts issue with ha_cluster
 - fix bond test firewall issue with network
 * Mon Aug 19 2024 Rich Megginson <rmeggins@redhat.com> - 1.87.2-0.1
 - Resolves: RHEL-50825 : System Roles: No module documentation
 - Fix storage role tests_lvm_pool_pv_grow issue with pvcreate hang on el7
 - podman - skip quadlet tests on non-x86_64 arch
 - journald - fix the test pattern that looks for the max size
 - network - fix the bond tests issue with firewall
 - sshd - add new parameters for openssh 9.8
 * Fri Aug 16 2024 Rich Megginson <rmeggins@redhat.com> - 1.87.1-0.1
 - Resolves: RHEL-30888 : storage - Fingerprint storage RHEL System Role managed config files
 - s390x issue fix requires fix for architecture fact
 * Fri Aug 16 2024 Rich Megginson <rmeggins@redhat.com> - 1.87.0-0.1
 - Resolves: RHEL-48227 : snapshot - feat: rewrite snapshot.py as an Ansible module / add support for thin origins
 - some test fixes in snapshot, network
 * Fri Aug  9 2024 Rich Megginson <rmeggins@redhat.com> - 1.86.0-0.1
 - Resolves: RHEL-53896 : kernel_settings - fix: Use tuned files instead of using it as a module
 - Resolves: RHEL-3252 : network - support route src parameter
 - Resolves: RHEL-53902 : rhc - fix: drop usage of "auto_attach" of the "redhat_subscription" module
 * Thu Aug  1 2024 Rich Megginson <rmeggins@redhat.com> - 1.85.0-0.1
 - Resolves: RHEL-49596 : ha_cluster - alerts support
 - other fixes for el10 support
 - add timesync_provider.sh side car doc for Automation Hub rendering issue
 * Tue Jul 23 2024 Rich Megginson <rmeggins@redhat.com> - 1.84.1-0.1
 - Resolves: RHEL-46590 : logging - RFE - system-roles - logging: Add truncate options for local file inputs
 - Resolves: RHEL-40273 : logging - redhat.rhel_system_roles.logging role fails to process logging_outputs: of type: "custom"
 - Resolves: RHEL-34935 : logging - [RFE] Add the umask settings or enable a variable in linux-system-roles.logging
 - Resolves: RHEL-50102 : podman - fix: proper cleanup for networks; ensure cleanup of resources
 - Resolves: RHEL-30888 : storage - Fingerprint storage RHEL System Role managed config files
 * Mon Jul 15 2024 Rich Megginson <rmeggins@redhat.com> - 1.83.0-0.1
 - Resolves: RHEL-46854 : postfix - feat: Added postfix_files feature as a simple means to add extra files/maps to config
 - Resolves: RHEL-48227 : snapshot - feat: rewrite snapshot.py as an Ansible module / add support for thin origins
 * Tue Jul 02 2024 Rich Megginson <rmeggins@redhat.com> - 1.82.0-0.1
 - Resolves: RHEL-41090 : cockpit - cockpit install all wildcard match does not work in newer el9
 - Resolves: RHEL-45717 : nbde_client - feat: Allow initrd configuration to be skipped
 - Implements meta/main.yml el10 support in most roles
 * Wed Jun 12 2024 Rich Megginson <rmeggins@redhat.com> - 1.79.0-0.3
 - add patch for https://github.com/containers/ansible-podman-collections/pull/784
  this is blocking gating tests
 * Tue Jun 11 2024 Rich Megginson <rmeggins@redhat.com> - 1.79.0-0.2
 - Resolves: RHEL-39996 : bootloader - Set user.cfg path to /boot/grub2/ on EL 9 UEFI
 - Resolves: RHEL-35561 : logging - Setup imuxsock using rhel-system-roles.logging causing an error
  fix test
 - Resolves: RHEL-40761 : podman - fix: grab name of network to remove from quadlet file
 - Resolves: RHEL-39438 : podman - Create podman secret when skip_existing=True and it does not exist
 - Resolves: RHEL-40180 : ssh - Add new configuration options and remove false positives in the test
 - Resolves: RHEL-31854 : storage - [RFE] manage stratis
 - Resolves: RHEL-25777 : storage - rhel-system-role.storage is not idempotent
 - Resolves: RHEL-14862 : storage - [RHEL9][RFE] resize LVM PVs
 - Resolves: RHEL-25994 : storage - var unused_disks get different sector size disks
 * Tue May 21 2024 Sergei Petrosian <spetrosi@redhat.com> - 1.79.0-0.1
 - Resolves: RHEL-35561 : logging - Setup imuxsock using rhel-system-roles.logging causing an error
 - Resolves: RHEL-37549 : sudo - Add sudo system role
 * Thu Apr 25 2024 Rich Megginson <rmeggins@redhat.com> - 1.78.1-0.1
 - fix some issues with ansible-test
 - Resolves: RHEL-34214 : gfs2 - New Role
 * Mon Apr 22 2024 Rich Megginson <rmeggins@redhat.com> - 1.77.0-0.1
 - Resolves: RHEL-18075 :  - package rhel-system-roles.noarch does not provide docs for ansible-doc
 - Resolves: RHEL-33532 : ha_cluster - [RFE] rhel_system_roles.ha_cluster - Utilization Support
 - Resolves: RHEL-33076 : ha_cluster - Fix inconsistent approach for multiple `attributes.attrs` in `ha_cluster_node_options`
 - Resolves: RHEL-32872 : network - Fix testing Failures due to connection.autoconnect-ports Unknown Property
 - Resolves: RHEL-33547 : podman - feat: manage TLS cert/key files for registry connections and validate certs
 - Resolves: RHEL-30185 : podman - podman role should support default credentials and per-unit credentials
 - Resolves: RHEL-30183 : podman - podman role should support containers-auth.json
 - Resolves: RHEL-25777 : storage - rhel-system-role.storage is not idempotent
 * Mon Apr 15 2024 Rich Megginson <rmeggins@redhat.com> - 1.76.2-0.1
 - Fix ansible-test issues
  Ensure "WARNING: " is quoted in description string
  Package doc_fragments for vendored modules
  Fix wrong collection deprecation error
  undefine __brp_mangle_shebangs because ansible-test does not like shebangs in executable files
  ensure that any files removed during the build/install process are also removed
  from ignore files
 - Resolves: RHEL-28658 : ad_integration - fix: Sets domain name lower case in realmd.conf section header
 - Resolves: RHEL-26714 : bootloader - bootloader role tests do not work on ostree
 - Resolves: RHEL-30111 : ha_cluster - [RFE] ha_cluster_node_options allows per-node addresses and SBD options to be set
 - Resolves: RHEL-27186 : ha_cluster - [RFE] make it easier to install cloud agents
 - Resolves: RHEL-17271 : ha_cluster - [RFE] rhel_system_roles.ha_cluster - ACL Support
 - Resolves: RHEL-30170 : journald - feat: Add options for rate limit interval and burst
 - Resolves: RHEL-25264 : network - Make sure that the network role CI is solid robust
 - Resolves: RHEL-32464 : podman - fix: do not use become for changing hostdir ownership, and expose subuid/subgid info
 - Resolves: RHEL-32382 : podman - fix: use correct user for cancel linger file name
 - Resolves: RHEL-30185 : podman - podman role should support default credentials and per-unit credentials
 - Resolves: RHEL-29309 : sshd - second SSHD service broken
 - Resolves: RHEL-30959 : storage - [RHEL9]  storage role resize volume  failed
 - Resolves: RHEL-29874 : storage - Running rhel-system-roles.storage w/ type: raid a second time, fails if existing RAID device has stratis installed on them.
 * Mon Feb 26 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.21
 - Resolves: RHEL-16336 : bootloader - Create bootloader role (MVP)
  fix issue with path on arches other than x86_64, and EFI systems
 - Resolves: RHEL-3253 : RHEL for Edge support in system roles
  cockpit - fixed issue with test cleanup
  postgresql - fixed issue with test cleanup
 * Wed Feb 21 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.20
 - Resolves: RHEL-16964 : rhc - new rhc_insights.display_name parameter
 - Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
  fixes error handling
 * Tue Feb 20 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.19
 - Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
  fixes idempotency, check mode, cleanup, basic-smoke-test
 * Tue Feb 20 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.18
 - Resolves: RHEL-22228 : podman - user linger needed before secrets
  fixed issue with ANSIBLE_GATHERING=explicit
 - Resolves: RHEL-5972 : sshd - ansible-sshd Manage SSH certificates
  fixed issue with RHEL7 tests
 * Thu Feb 15 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.17
 - Resolves: RHEL-25508 : nbde_server - fix: Allow tangd socket override directory to be managed outside of the role
 - Resolves: RHEL-19579 : network - Add blackhole type route to rhel-system-roles.network
 - Fixed issues with ANSIBLE_GATHERING=explicit in several roles
 - Fixed test cleanup issues in several roles
 * Tue Feb 13 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.16
 - Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
  this is the MVP candidate for the snapshot role
 * Mon Feb 12 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.15
 - Resolves: RHEL-22106 : ha_cluster - Setting cluster members' attributes
 * Sun Feb 11 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.14
 - Resolves: RHEL-16336 : bootloader - Create bootloader role (MVP)
 - Resolves: RHEL-5274 : postgresql - unable to install PostgreSQL version 15 on RHEL 9
 * Fri Feb 9 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.13
 - Resolves: RHEL-16974 : rhc - rhc: new rhc_insights.ansible_host parameter
  Rename test playbook from .yaml to .yml
 * Thu Feb 8 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.12
 - Resolves: RHEL-22228 : podman - user linger needed before secrets
 * Wed Jan 31 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.11
 - Resolves: RHEL-5274 : postgresql - unable to install PostgreSQL version 15 on RHEL 9
 - Resolves: RHEL-23497 : storage - tests_lvm_auto_size_cap_nvme_generated failed at "Assert expected size is actual size"
 * Sat Jan 27 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.10
 - Resolves: RHEL-1535 : storage - Basic support for creating shared logical volumes
  GFS2 support in blivet is enabled
 * Fri Jan 26 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.9
 - Resolves: RHEL-21382 : ad_integration - feat: add ad_integration_preserve_authselect_profile
 - Resolves: RHEL-21133 : ad_integration - feat: Add SSSD parameters support
 - Resolves: RHEL-21117 : journald - feat: Add support for ForwardToSyslog
 - Resolves: RHEL-22309 : podman - fix: cast secret data to string in order to allow JSON valued strings
 - Resolves: RHEL-21401 : podman - fix: name of volume quadlet service should be basename-volume.service
 - Resolves: RHEL-16974 : rhc - rhc: new rhc_insights.ansible_host parameter
 * Wed Jan 24 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.8
 - Resolves: RHEL-16552 : snapshot - New Role for storage snapshot management (lvm, etc.)
 * Fri Jan 19 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.7
 - Add ExcludeArch i686 to fix build issues with ansible-core
 - Resolves: RHEL-15909 : keylime_server - won't detect registrar start failure
 * Thu Jan 18 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.6
 - Resolves: RHEL-21529 : storage - lvmlockd process is not running - test only
 * Mon Jan 15 2024 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.5
 - Resolves: RHEL-16336 : bootloader - Create bootloader role (MVP)
 * Tue Dec 12 2023 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.4
 - Resolves: RHEL-3253 : RHEL for Edge support in system roles
  updated several roles with ostree improvements
  metrics role support for ostree
 - Resolves: RHEL-16541 : fapolicyd - feat: Import code for fapolicyd system role
  several role improvements
 - Resolves: RHEL-18026 : ha_cluster - fix: set sbd.service timeout based on SBD_START_DELAY
 - Resolves: RHEL-19046 : logging - fix: avoid conf of RatelimitBurst when RatelimitInterval is zero
 - Resolves: RHEL-13760 : metrics - [RFE] Metrics system role support for configuring PMIE webhooks
 - Resolves: RHEL-19241 : podman - fix: add no_log: true for tasks that can log secret data
 - Resolves: RHEL-18962 : postgresql - feat: enable using postgresql 16
 - Resolves: RHEL-16976 : rhc - rhc: support RHEL 7 managed nodes
 - Resolves: RHEL-19040 : selinux - fix: no longer use "item" as a loop variable
 - Resolves: RHEL-19043 : selinux - fix: Print an error message when module to be created doesn't exist
 - Resolves: RHEL-1535 : storage - Basic support for creating shared logical volumes
 * Fri Dec 1 2023 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.3
 - Resolves: RHEL-17875 : ha_cluster - high-availability firewall service is not added on qdevice node
 * Thu Nov 30 2023 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.2
 - Resolves: RHEL-3253 : RHEL for Edge support in system roles
  vpn - fixed issue with test cleanup
 * Thu Nov 30 2023 Rich Megginson <rmeggins@redhat.com> - 1.23.0-2.1
 - Resolves: RHEL-3253 : RHEL for Edge support in system roles
  except for nbde_client, rhc, and metrics
 - Resolves: RHEL-17668 : ad_integration - feat: Add sssd custom settings
 - Resolves: RHEL-16541 : fapolicyd - feat: Import code for fapolicyd system role
 - Resolves: RHEL-15910 : ha_cluster - [RFE] HA Cluster system role should be able to enable Resilient Storage repository
 - Resolves: RHEL-15908 : ha_cluster - [FutureFeature] Allow ha_cluster role to configure all qdevice options
 - Resolves: RHEL-15876 : ha_cluster - [FutureFeature] Allow ha_cluster role to configure fencing topology
 - Resolves: RHEL-3353 : kdump - fix: retry read of kexec_crash_size
 - Resolves: RHEL-15932 : logging - feat: Add support for the global config option preserveFQDN
 - Resolves: RHEL-15439 : logging - feat: Add support for general queue and general action parameters
 - Resolves: RHEL-15037 : logging - fix: check that logging_max_message_size is set, not rsyslog_max_message_size
 - Resolves: RHEL-13760 : metrics - [RFE] Metrics system role support for configuring PMIE webhooks
 - Resolves: RHEL-1683 : network - Ansible RHEL network system role issue with ipv6.routing-rules the prefix length for 'from' cannot be zero"
 - Resolves: RHEL-15870 : selinux - fix: Use `ignore_selinux_state` module option
 - Resolves: RHEL-5972 : sshd - ansible-sshd Manage SSH certificates
 - Resolves: RHEL-16212 : storage - feat: Support for creating volumes without a FS
 * Thu Nov 9 2023 Sergei Petrosian <spetrosi@redhat.com> - 1.23.0-2
 - RHEL-1118: ad_integration: Support for dynamic DNS Updates
  Update to a new version with fixed tests
 * Wed Sep 20 2023 Sergei Petrosian <spetrosi@redhat.com> - 1.23.0-1
 - Resolves: RHEL-5346 spec - Remove with_html, instead use built-in .README.html
 - Resolves: RHEL-5972 ansible-sshd - Manage SSH certificates
 - rhbz#2223764: Remove ad_integration patch and use the latest ad_integration
  version instead. Vendor community-general.ini_files for
 - RHEL-1118: ad_integration: Support for dynamic DNS Updates
 - Change link to open new issue in galaxy.yml from deprecated BZ to Jira
 * Tue Aug 22 2023 Rich Megginson <rmeggins@redhat.com> - 1.22.0-2
 - Resolves:rhbz#2232758 : ad_integration - leaks credentials when in check_mode
  NOTE: changelog entry below has the wrong bz