Red Hat Product Errata RHEA-2023:6946 - Product Enhancement Advisory
Issued:
2023-11-14
Updated:
2023-11-14

RHEA-2023:6946 - Product Enhancement Advisory

Synopsis

rhel-system-roles bug fix and enhancement update

Type/Severity

Product Enhancement Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rhel-system-roles is now available for Red Hat Enterprise Linux 8.

Description

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2140880 - missing module in linux-system-roles.firewall to create an ipset
  • BZ - 2141961 - RFE for the storage system role to support configuring the stripe size for RAID LVM volumes
  • BZ - 2151371 - [RFE] system role for PostgreSQL management
  • BZ - 2168738 - Storage: mounted devices that are in use cannot be resized
  • BZ - 2175326 - use ansible-galaxy collection build/install instead of tar
  • BZ - 2179016 - [RFE] New role for Red Hat subscription management, insights management [rhel-8.9.0]
  • BZ - 2181661 - [RFE] user-specified mount point owner and permissions
  • BZ - 2186057 - rhel-system-roles.certificate does not re-issue after updating key_size
  • BZ - 2186198 - spec: Remove doc fragments from vendored modules
  • BZ - 2186908 - RHC system role: activation key registration fails if system is already registered
  • BZ - 2186910 - fingerprint in config files managed by roles
  • BZ - 2190478 - Add possibility to load SBD watchdog kernel modules
  • BZ - 2190480 - use pcs to setup qdevice certificates if available
  • BZ - 2190483 - support for resource and operation defaults
  • BZ - 2191702 - use the proxy provider - the files provider is deprecated in sssd
  • BZ - 2193057 - Cannot set chunk size for RAID: Unsupported parameters for (blivet) module: pools.raid_chunk_size
  • BZ - 2209441 - rhc system role does not apply Insights tags
  • BZ - 2211247 - Failed to commit changes to disk: Failed to format device: Input/output error
  • BZ - 2211271 - use restorecon -T 0 on supported platforms
  • BZ - 2211272 - support auto_reset_crashkernel, dracut_args, deprecate /etc/sysconfig/kdump
  • BZ - 2211273 - Support configuring auto-dns setting
  • BZ - 2211723 - add ad_integration_force_rejoin
  • BZ - 2211778 - implement rhc_proxy.scheme
  • BZ - 2216485 - cluster and quorum can have distinct passwords
  • BZ - 2216521 - Don't install python(3)-firewall it's a dependency of firewalld
  • BZ - 2216759 - add ssh_backup option with default true
  • BZ - 2218204 - add mode parameter to change permissions for cert files
  • BZ - 2218595 - Support no-aaaa DNS option
  • BZ - 2218899 - [RHEL8] Unexpected behavior when creating ext4 filesystem with invalid parameter
  • BZ - 2220961 - support for healthchecks and healthcheck actions
  • BZ - 2220962 - support quadlet units
  • BZ - 2220963 - allow container networking configuration
  • BZ - 2222433 - Check mode fails when creating new firewall service
  • BZ - 2222808 - when firewalld.service is masked, firewall role fails
  • BZ - 2222809 - should have option to disable conflicting services
  • BZ - 2223036 - facts being gathered unnecessarily
  • BZ - 2224094 - RAID volume pre cleanup - remove existing data from member disks as needed before creation
  • BZ - 2224387 - keylime_server system role for managing keylime servers
  • BZ - 2224388 - systemd system role for managing systemd units
  • BZ - 2224648 - fix: reload on resetting to defaults
  • BZ - 2226077 - Podman system role: Unable to use podman_registries_conf to set unqualified-search-registries
  • BZ - 2227823 - rhc: baseurl in rhsm.conf is empty when rhc_baseurl is not specified
  • BZ - 2232391 - kdump role: "Write new authorized_keys if needed" task idempotency issues
  • BZ - 2232392 - kdump system role fails if kdump_ssh_user doesn't have a .ssh/authorized_keys file in home directory
  • BZ - 2233183 - red hat "rhel system role" ad_integration leaks credentials when in check_mode

CVEs

(none)

Red Hat Enterprise Linux for x86_64 8

SRPM
rhel-system-roles-1.22.0-1.el8.src.rpm SHA-256: df3a7c8cf0be2c552e3db47ee1501decc487e76333728483c879783d033ff7c8
x86_64
rhel-system-roles-1.22.0-1.el8.noarch.rpm SHA-256: 0a8e8d641e92da8f50e9b053989dc76d0f79bf3b760db6195d9994bc4d6a5357

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
rhel-system-roles-1.22.0-1.el8.src.rpm SHA-256: df3a7c8cf0be2c552e3db47ee1501decc487e76333728483c879783d033ff7c8
s390x
rhel-system-roles-1.22.0-1.el8.noarch.rpm SHA-256: 0a8e8d641e92da8f50e9b053989dc76d0f79bf3b760db6195d9994bc4d6a5357

Red Hat Enterprise Linux for Power, little endian 8

SRPM
rhel-system-roles-1.22.0-1.el8.src.rpm SHA-256: df3a7c8cf0be2c552e3db47ee1501decc487e76333728483c879783d033ff7c8
ppc64le
rhel-system-roles-1.22.0-1.el8.noarch.rpm SHA-256: 0a8e8d641e92da8f50e9b053989dc76d0f79bf3b760db6195d9994bc4d6a5357

Red Hat Enterprise Linux for ARM 64 8

SRPM
rhel-system-roles-1.22.0-1.el8.src.rpm SHA-256: df3a7c8cf0be2c552e3db47ee1501decc487e76333728483c879783d033ff7c8
aarch64
rhel-system-roles-1.22.0-1.el8.noarch.rpm SHA-256: 0a8e8d641e92da8f50e9b053989dc76d0f79bf3b760db6195d9994bc4d6a5357

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.