Releases: linux-system-roles/firewall

Version 1.4.4

14 Apr 13:54
3abd32d

[1.4.4] - 2023-04-13

Other Changes

  • fix ansible-lint issues in tests (#134)
  • add docs for set_default_zone (#135)

Version 1.4.3

06 Apr 19:10
b48545a

[1.4.3] - 2023-04-06

Other Changes

  • Add README-ansible.md to refer to the Ansible intro page on linux-system-roles.github.io (#132)

Version 1.4.2

20 Jan 19:31

[1.4.2] - 2023-01-20

New Features

  • none

Bug Fixes

  • ansible-lint 6.x fixes
  • cannot use distutils; use custom version

Other Changes

  • Add check for non-inclusive language (#114)
  • Add CodeQL workflow for GitHub code scanning

Version 1.4.1

12 Dec 16:02
292c9d2

[1.4.1] - 2022-12-12

New Features

  • none

Bug Fixes

  • none

Other Changes

  • Added some example playbooks (#110)

Version 1.4.0

28 Jul 14:31
7c2740d

[1.4.0] - 2022-07-26

New Features

  • feature - add/remove interfaces by PCI ID

FEATURE OVERVIEW

  • allows users to add by what a device is (vendor:device_type) instead of interface names

    • interface names that match the wildcard XXXX:XXXX (X = hex) will be converted to interface names.

    • Multiple matches will result in play being done on multiple devices

  • Add Network Manager interaction when adding/removing interfaces from zones

  • Add functions that convert PCI IDs into network interface names

Fixes #87

Bug Fixes

  • none

Other Changes

  • changelog_to_tag action - support other than "master" for the main branch name, as well (#96)

Signed-off-by: Rich Megginson [email protected]
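
The PCI ID conversion described in the 1.4.0 feature overview can be sketched as follows. This is an added example, not the role's own code: the function names, the lookup under `/sys/class/net/<iface>/device/` and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

PCI_ID_RE = re.compile(r"[0-9A-Fa-f]{4}:[0-9A-Fa-f]{4}")


def _read_hex(path):
    """Return a sysfs ID file such as '0x8086' as bare lowercase hex, or None."""
    try:
        with open(path) as f:
            text = f.read().strip().lower()
    except OSError:
        return None  # virtual interfaces (lo, bridges) have no PCI device node
    return text[2:] if text.startswith("0x") else text


def resolve_interfaces(name, sysfs_net="/sys/class/net"):
    """Expand a vendor:device PCI ID to every matching interface name."""
    # Anything that is not exactly XXXX:XXXX is treated as a plain interface name.
    if not PCI_ID_RE.fullmatch(name):
        return [name]
    vendor, device = name.lower().split(":")
    matches = []
    for iface in sorted(os.listdir(sysfs_net)):
        dev_dir = os.path.join(sysfs_net, iface, "device")
        if (_read_hex(os.path.join(dev_dir, "vendor")) == vendor
                and _read_hex(os.path.join(dev_dir, "device")) == device):
            matches.append(iface)
    return matches


def build_sample_sysfs():
    """Constructed sample tree: two NICs of one model, one of another, plus lo."""
    root = tempfile.mkdtemp()
    nics = {"eth0": ("0x8086", "0x100e"), "eth1": ("0x8086", "0x100e"),
            "eth2": ("0x1af4", "0x1000"), "lo": None}
    for iface, ids in nics.items():
        dev_dir = os.path.join(root, iface, "device")
        os.makedirs(dev_dir if ids else os.path.join(root, iface))
        if ids:
            for fname, value in zip(("vendor", "device"), ids):
                with open(os.path.join(dev_dir, fname), "w") as f:
                    f.write(value + "\n")
    return root


if __name__ == "__main__":
    print(resolve_interfaces("8086:100e", build_sample_sysfs()))
```

Because one ID can expand to several interfaces, a zone change keyed on a PCI ID applies to every matching NIC; an empty result means no device matched and nothing would be changed.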

Version 1.3.0

20 Jul 23:15
d17ed4a

[1.3.0] - 2022-07-20

New Features

  • Feature: add/update/delete services
  • Can add services by using the present state, with the specified details for the service (Permanent required)
  • Only required details are the service name using the service option, other options supported:
  • short, description, port, source port, protocol, module (helper_module), destination
  • remove services by using absent state and only the service name (no "detail" options) (Permanent required)
  • remove service elements by adding the elements and their values
  • service will not be removed if any of the removable elements are specified as well
  • update short and descriptions of services by using present state with the options while short or description are defined
  • Cannot remove short or descriptions
  • as with the rest of this feature, permanent is required to do this

Fixes: #80

  • Feature: Ansible facts with firewalld configuration
  • called by calling the firewall system role with either no parameters
    or with only the detailed parameter
  • fetches and returns ansible fact firewall_config
  • detailed in README.md, under ansible_fact section

Fixes #82

Bug Fixes

  • bugfix: port forward dict form
  • fixed bug where port_forward argument only worked with string argument
  • additionally, the argument is converted to a list if necessary
  • minimal tests added for port forward
  • tests_port_forward.yml only has the fail case that the role fails

Fixes: #85

Other Changes

  • make all tests work with gather_facts: false (#84)

The tests_zone.yml test uses facts outside of the role and
needs to gather_facts: true when using ANSIBLE_GATHERING=explicit

  • make min_ansible_version a string in meta/main.yml (#88)

The Ansible developers say that min_ansible_version in meta/main.yml
must be a string value like "2.9", not a float value like 2.9.

  • fix destination rendering in github markdown renderer

Just make the problematic text a literal string so it won't get rendered incorrectly

  • Add CHANGELOG.md (#90)

state no longer required for masquerade and ICMP block inversion

02 Jun 23:08
cf526b7

fix: state no longer required for masquerade and ICMP block inversion

  • The above, and added a new error message for attempting to not specify state when using options that require state like source, port, port_forward

    • Unit test case added for this error message

  • Removed state option from integration tests for masquerading and ICMP block, retaining the same fail conditions

Fixes: #76

Fix deprecated syntax in Readme (#75)

tests_ansible: replaced immediate options with runtime options (#78)

  • Replaced all uses of the deprecated immediate option with the runtime option

Fixes: #77

remove customzone zone in cleanup and other cleanup improvements (#74)

16 May 18:40
bf66a43

remove customzone zone in cleanup (#74)

  • remove customzone zone in cleanup

  • fix test failure in tests_purge_config; add cleanups

  • ensure default zone is set to other than dmz for test

[citest skip] bump tox-lsr version to 2.11.0; remove py37; add py310 (#73)

tox-lsr version 2.11.0 has support for collection-requirements.yml,
runqemu improvements, and support for python 3.10

python 3.7 is not used on any supported platform, so remove it

Signed-off-by: Rich Megginson [email protected]

Added ability to restore Firewalld defaults

02 May 19:35
f169d41

The user can add previous: replaced to one of the elements in
the firewall list to force the role to remove all existing
config files. You can use this to make your Ansible inventory
the "source of truth" for all firewall configuration.

There is a lot of stuff here to ensure that:

  • all operations of the role are idempotent
  • the role will only report changed: true when something
    actually changed

Specifically - if using previous: replaced, the role will only
report changed: true if the final configuration, after erasing
and applying all of the configuration, is different than the
initial configuration.

support gather_facts: false; support setup-snapshot.yml (#71)

25 Apr 20:07
5b660ee

Some users use gather_facts: false in their playbooks. This changes
the role to work in that case, by gathering only the facts it requires
to run.
CI testing can be sped up by creating a snapshot image pre-installed
with packages. tests/setup-snapshot.yml can be used by a CI system
to do this.