Skip to content

Releases: linux-system-roles/cockpit

Use existing certificate - cockpit_cert, cockpit_private_key

03 Dec 01:07
@richm richm
1.2.0
af2b753
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Use existing certificate - cockpit_cert, cockpit_private_key

tests: Run cleanup on failures as well (#47)

Wrap tests into block:/always: so that the cleanup steps happen on
failed tests as well.

Add option to use an existing certificate (#46)

Add cockpit_{certificate,key}: role options which create
/etc/cockpit/ws-certs.d/50-system-role.{crt,key} symlinks to an existing
certificate.

This works only with cockpit >= 257, so conditionalize the test
accordingly.

Teach the generic test cleanup to remove all existing cockpit
certificates.

update tox-lsr version to 2.8.0 (#48)

update tox-lsr version to 2.8.0

New version adds check for proper commenting of the ansible_managed var

Signed-off-by: Sergei Petrosian [email protected]

Assets 2
Loading

several bug, doc, and test fixes; test with ansible 2.12

08 Nov 20:55
@richm richm
1.1.2
a7b98e7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
several bug, doc, and test fixes; test with ansible 2.12

Drop cockpit-dashboard from Debian's "full" list (#33)

Current Debian 11 stable has Cockpit 239, which also does not build
cockpit-dashboard any more.

tests: Assert some assumptions about the default role behaviour (#34)

Check the socket state, that cockpit's web server works, and that the
role does not create a config file.

tests: Run integration test in GitHub actions (#35)

Run them on pull requests, and every Monday morning, to catch
regressions in operating systems and outside dependencies.

Don't restart cockpit.socket with cockpit_started: no; check role options in integration test (#36)

  • tests: Split out cleanup

This makes it reusable between multiple tests.

  • tests: Use __cockpit_daemon variable

  • tests: Add name to tests_default.yml

This makes it easier to see which test is running when invoking multiple
playbooks at once.

  • Don't restart cockpit.socket with cockpit_started: no

  • Generate reproducible cockpit.conf

Sort the dictionaries, so that the generated files don't vary across
different Python versions or get erratic structure changes when
adding/removing keys.

  • tests: Test configuration options

This validates the previous commit for respecting cockpit_started: no.

Teach the cleanup role to remove the cockpit.config file.

Enable the Extras repository on RHEL 7

Test certmonger-generated Cockpit certificates (#39)

  • Test certmonger-generated Cockpit certificates

Add an integration test that generates a certificate with certmonger,
through the LSR certificate role. For this to work on RHEL/CentOS 7 this
has to employ a run_after script, which merges the cert and key [1],
renames it to "*.cert" [2], and fixes the permissions [3].

For older distributions this requires a hack to make
/etc/cockpit/ws-certs.d/ writable for certmonger [4].

[1] Cockpit 210 introduced support for separate *.key files in addition
to a merged cert/key file.
[2] Cockpit 210 looks for *.crt files in addition to *.cert
[3] lsr.certificates sets wrong permissions:
linux-system-roles/certificate#97
[4] Cockpit 255 fixes its SELinux policy by default, so Fedora and
CentOS/RHEL ≥ 9.0 don't need this any more.

  • fix yamllint, ansible-lint issues

fix yamllint, ansible-lint issues

Co-authored-by: Richard Megginson [email protected]

tests: Run Ansible in verbose mode in GitHub workflow integration test (#41)

support python 39, ansible-core 2.12, ansible-plugin-scan (#42)

Test certmonger-generated certificates directly in cockpit/ws-certs.d/ (#40)

  • Add names to all tasks in tests_certificate.yml

Required by ansible-lint 2.11.

  • tests: Check for existing roles/linux-system-roles.certificate dir only

The internal downstream tests seem to check out the git tree in a way
that does not create .git/HEAD. Drop this assumption, and test for the
directory only.

  • Test certmonger-generated certificates directly in cockpit/ws-certs.d/

Change tests_certificate.yml to a cleaner approach which directly asks
certmonger to put the certificate into /etc/cockpit/ws-certs.d/, and
avoid the runafter script. This approach relies on cockpit ≥ 211 and
linux-system-roles/certificate#97,
so it does not work on RHEL/CentOS 7. Skip it with older cockpit
versions.

Move the previous test to tests_certificate_runafter.yml, to cover the
runafter script approach which works everywhere.

tests: Generate self-signed certificate for RHEL >= 8 (#37)

ca: self-sign is only broken on RHEL/CentOS 7, but works everywhere
else. So let's use it in tests_certificate.yml to cover this case as
well, and make sure it does not break again.

tests_certificate_runafter.yml still needs to keep ca: local and the
additional CA retrieval step, but it doesn't hurt to cover that mode.

Document how to generate a web server certificate, various small documentation improvements (#43)

  • README: Explicitly list supported distributions

We cover RHEL, CentOS, Fedora, Debian, and Ubuntu by our CI. We can't
make any promises for the others, but the "such as" at least suggests
that it might work.

  • README: Link to cockpit.conf manpage

  • README: Link to linux-system-roles.firewall project

This provides documentation for the firewall features and syntax.

  • README: Document how to generate a web server certificate

update tox-lsr version to 2.7.1 (#45)

update the tox-lsr version used in github actions tox CI
to 2.7.1

The only difference between this an 2.7.0 is that Ansible 2.12
is now GA.

Signed-off-by: Rich Megginson [email protected]

Assets 2
Loading

Use apt-get-install -y

05 Oct 15:50
@spetrosi spetrosi
1.1.1
1070aef
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Use apt-get-install -y

use tox-lsr version 2.5.1 (#30)

This version removes support for molecule until we can figure out
what to do about molecule. This should make all of the tox tests
pass (except for python 2.6).

Signed-off-by: Rich Megginson [email protected]

use apt-get install -y (#31)

Signed-off-by: Rich Megginson [email protected]

Use {{ ansible_managed | comment }} to fix multi-line ansible_managed (#32)

BZ#2006230, BZ#2006231, BZ#2006233

Assets 2
Loading

drop support for ansible 2.8

12 Aug 16:24
@richm richm
1.1.0
be9b865
Compare
Choose a tag to compare
drop support for ansible 2.8

Raise supported Ansible version to 2.9

min_ansible_version is now 2.9
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197

Assets 2
Loading

Support cockpit config options, service state

07 Jul 23:28
@richm richm
1.0.0
ea88444
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Support cockpit config options, service state

Initial 1.0.0 version of Cockpit role

Support for Cockpit config file (#28)

Added cockpit_config variable to use to specify config options
for the cockpit config file.

variables to control if cockpit started/enabled

Added cockpit_enabled and cockpit_started to allow controlling
the cockpit service

Assets 2
Loading

Fix lint issues; support EL 9 managed hosts

26 May 20:51
@richm richm
0.3.2
53a9672
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Fix lint issues; support EL 9 managed hosts

Fix lint issues

Support EL 9 managed hosts

use tox-lsr for testing

Assets 2
Loading