SIMP 6.5.0

Table of Contents

Release Notes for SIMP 6.5.0

How to use this page

  • Go to the row of your module
  • If the "proposed version" is green, then it has been released and tagged
  • If the "proposed version" is blue, verify that the tests have all passed, bold the text
  • If the "proposed version" is bold, tag and release the component, and color the column green


Component Selection

BLUENew version since last SIMP release
YELLOWNew component since last SIMP release
GRAYOmitted component
WHITESame version as last SIMP release
REDTBD: Outstanding problem
BOLDReady to release
BOLD ITALICSTag published but not verified as released
GREENNew version tagged, Forge released, RPM released

VERSIONTESTSRELEASED

Component

6.5

6.4UnitAcceptance

Github

Puppet ForgeRPMChangelog

adapter

2.0.0

1.0.1

released




environment-skeleton

7.2.0

7.1.0

released




gpgkeys

3.1.1

3.1.0



released




rsync-skeleton

7.0.4

7.0.1

released




rsync

6.2.1-2

6.2.1-2

released




rubygem-simp-cli

6.1.1

5.0.3

released




simp-core

6.5

6.4

unreleased




selinux-policy

1.0.0




released




utils

6.5.0

6.2.2

released




acpid

1.2.0

1.0.4

released




aide

6.4.2

6.3.0

released


at

0.1.0

0.0.7

released




auditd

8.6.2

8.4.0

released




autofs

7.0.0

6.2.0

released




chkrootkit

0.3.0

0.2.0

released




clamav

6.4.0

6.3.0

released




compliance_markup

3.1.3

3.0.1

released




cron

0.2.0

0.1.2

released




crypto_policy0.1.2N/A

released


dconf

0.1.0

0.0.3

released




deferred_resources

0.3.0

0.2.2

released




dhcp

6.2.0

6.1.1

released




fips

0.4.2

0.4.0

released




freeradius

8.1.1

8.0.1

released




gdm

7.2.3

7.2.0

released




gnome

8.1.2

8.1.0

released




haveged

0.6.0

0.5.0

released




hirs_provisioner

0.1.4

0.1.2

released




ima

0.3.0

0.2.0

released




incron

0.5.0

0.4.1

released




iptables

6.5.4

6.3.0

released




issue

0.2.0

0.1.1

released




krb5

7.1.0

7.0.5

released




libreswan

3.4.1

3.1.1

released




libvirt

5.3.0

5.2.2

released




logrotate

6.5.0

6.4.0

released




mate

1.1.1

1.0.2

released




mozilla

5.2.0

5.1.1

released




named

6.3.0

6.2.0

released




network

6.2.0

6.1.0

released




nfs

7.0.1

6.2.2

released




ntpd

6.5.1

6.5.0

released




oath

0.2.0

0.1.1

released




oddjob

2.2.0

2.1.1

released




openscap

6.3.0

6.2.1

released




pam

6.8.2

6.6.0

released




pki

6.2.0

6.1.1

released




polkit

6.3.0

6.1.2

released




postfix

5.5.0

5.3.0

released




pupmod

8.1.2

7.11.0

released


resolv

0.5.0

0.2.0

released


rkhunter

0.0.3

0.0.2

released




rsync

6.4.1

6.3.0

unreleased




rsyslog

7.6.4

7.5.0

released


selinux

2.6.2

2.5.0

released




simp

4.14.3

4.10.0

released




simp_apache

7.0.1

6.2.0

released




simp_banners

0.2.0

0.1.2

released




simp_bolt

0.3.0

0.1.1

released




simp_firewalld

0.1.2

N/A

released




simp_gitlab

0.6.0

0.4.0

released




simp_grub

0.2.1

0.1.1

released




simp_ipa

0.1.0

0.0.2

released




simp_nfs

1.0.1

0.2.0

released




simp_openldap

6.4.3

6.4.0

released




simp_options

1.4.1

1.3.0

released




simp_pki_service

0.3.1

0.2.0

released




simp_rsyslog

0.5.1

0.4.0

released




simp_snmpd

1.0.0

0.1.2

released




simpkv0.7.1--

released


simplib

4.6.2

3.15.3

released




ssh

6.11.1

6.8.1

released




sssd

6.3.1

6.2.0

released




stunnel

6.6.0

6.5.0

released




sudo

5.3.1

5.20

released


sudosh

6.2.1

6.1.1

released




svckill

3.6.1

3.5.0

released




swap

0.2.0

1.4.0

released




tcpwrappers

6.2.0

6.1.2

released




tftpboot

6.3.1

6.2.2

released




tlog

0.2.1

0.1.2

released




tpm

3.2.0

3.1.1

released




tpm2

0.3.1

0.2.0

released




tuned

0.2.1

0.1.1

released




upstart

6.1.1

6.0.5

released




useradd

0.4.1

0.3.0

released




vnc

7.1.1

7.0.1

released




vsftpd

7.4.0

7.3.0

released




x2go

0.3.0

0.2.1

released




xinetd

4.2.1

4.2.0

released




Non SIMP Components

Component

 
6.56.4
pupmod-camptocamp-kmod2.5.0

pupmod-camptocamp-systemd2.9.0

pupmod-herculesteam-augeasproviders_apache N/A

pupmod-herculesteam-augeasproviders_core2.6.0

pupmod-herculesteam-augeasproviders_grub3.2.0

pupmod-herculesteam-augeasproviders_postgresqlremoved

pupmod-herculesteam-augeasproviders_puppetremoved

pupmod-herculesteam-augeasproviders_shellvarremoved

pupmod-herculesteam-augeasproviders_ssh3.3.0

pupmod-herculesteam-augeasproviders_sysctl2.5.0

pupmod-onyxpoint-gpasswd1.1.1

voxpupuli-yum4.1.1

pupmod-puppetlabs-apache5.5.0

pupmod-puppetlabs-concat6.2.0

pupmod-puppetlabs-hocon1.1.0

pupmod-puppetlabs-inifile4.1.0

pupmod-puppetlabs-motd4.1.0

pupmod-puppetlabs-mount_providersremoved

pupmod-puppetlabs-postgresql6.6.0

puppetlabs-puppetdb7.5.0

pupmod-puppetlabs-puppet_authorization0.5.1

pupmod-puppetlabs-stdlib6.2.0

pupmod-voxpupuli-firewalld4.3.0N/A
pupmod-aboe76-chrony0.3.1N/A
pupmod-herculesteam-augeasproviders_mounttabremoved

pupmod-herculesteam-augeasproviders_nagiosremoved

pupmod-herculesteam-augeasproviders_pamremoved

pupmod-puppet-posix_acl1.0.1

pupmod-puppet-snmp5.1.1

pupmod-puppetlabs-java6.2.0

pupmod-puppetlabs-mysql10.4.0

pupmod-puppetlabs-ruby_task_helper0.3.0

pupmod-puppetlabs-translate2.1.0

pupmod-saz-locales2.5.1

pupmod-treydock-kdump0.4.1


Release Testing Procedure

 

The full release testing procedure is documented in the Official SIMP Docs.

Puppet Versions Testing

Puppet version for GitLab and TravisCI

Puppet modules will be tested in GitLab and TravisCI with the following versions:

Puppet version for simp-core (integration) and SIMP ISO testing

ReleasePuppetRubyNotes
SIMP 6.5.0

Version to be included in SIMP 6.5.0 ISOs

ReleasePuppetRubyNotes
PE 2019.86.16.02.4.10Version to be included in SIMP 6.5.0 ISOs
PE 2019.86.16.02.5.8New PE LTS


OS Versions For Testing

  • SIMP acceptance tests will be executed with the following OS versions:
    • CentOS 7.8 (2003)
    • CentOS 8.2 (2004)  Client Only.  Puppet Server and ISO in next release. 
    • CentOS 6.10 - EOL Nov 2020 not all new modules will work.
    • RedHat 7.8
    • RedHat 6.10 - EOL
    • OracleLinux 7.8
    • OracleLinux 6.10 -
  • SIMP 6.5.0 ISOs for CentOS 7.8 will be built
  • SIMP 6.5.0 modules will work on CentOS 7 and 8 clients.  Where possible they will be updated for CentOS6.10.  A list modules not compatible with 6.10 will be provided.
  • If licenses are available, SIMP 6.5.0 ISOs for RedHat 7.8 will be built and tested.

Tests - New/Changed Features

The tests in this section focus on new features or major, SIMP-wide changes.

Legend:

(lightbulb) - Means this version needs to be tested (if in 6.5 it means it is not version specific and only needs to be done for the release.)

(grey lightbulb) - This version does not need to be tested.

(question) - Testing probably sufficient from other versions.

(error) - Testing has failed.

(tick) - Testing completed and Passed.

blank - This test is not OS specific

greenthese test are automated




ComponentTest

Required

Tasks

6.5EL8EL7EL6OL8OL7OL6RH8RH7RH6StatusNotes
1simp-coreVerify Puppet File matches release versions
(lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)
This must be completed before any other tests are done
2installationVerify installation from RPM

(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(question)(question)

3simp-coreCreate and verify Changelog.rst
(lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)
This addresses STIG updates and Compliance Markup modules changes.
4simp-doc,'Upgrading SIMP' has an entry for the latest version and is correct
(lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)

5simp-integration_testSIMP server upgrade from RPM using the upgrade instructions.  Document any steps that are needed outside the ordinary upgrade.  Then, if there are additional steps, have someone else use the docs to do the upgrade to verify.
(grey lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(question)(question)

See simp-integration_test for automated upgrade test.

this should be done for servers in both FIPS and NOFIPS mode.

6RPMs and Released ModulesDogfooding
(grey lightbulb)(grey lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)(grey lightbulb)

Or "drink your own home brew", which ever you prefer.

  • CentOS 7: SIMP server and SIMP client
  • CentOS 6: SIMP client only
7Final RPM testingRun the simp-core install_from_rpm test and versify that it passes.   This will pull the packages from packagecloud.io and do an install.RPMs have been uploaded to packagecloud(grey lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(lightbulb)(lightbulb)

in simp-core run

  • SIMP_BEAKER_OS=oel beaker:suites[install_from_rpm]
  • beaker:suites[install_from_rpm]
  • beaker:suites[install_from_rpm,el6_server]
  • SIMP_BEAKER_OS=oel beaker:suites[install_from_rpm,el6_server]

and then do it all again with BEAKER_fips=yes

8Puppet Forge Testingrun the simp-core test install_from_core_module test to test the modules pushed to Puppet ForgeAfter modules have been tag with an annotated tag(grey lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(lightbulb)(lightbulb)(grey lightbulb)(question)(question)

in simp-core run

  • beaker:suites[install_from_core_module]
  • SIMP_BEAKER_OS=oel beaker:suites[install_from_core_module]
  • beaker:suites[install_from_core_module,el6_server]
  • SIMP_BEAKER_OS=oel beaker:suites[install_from_core_module,el6_server]

and then do it all again with BEAKER_fips=yes

Tests - Regression/Integration Testing

The tests in this section are regression tests to ensure unmodified capabilities still function.  These tests should use the packer boxes created in the New/Changed Feature tests, were applicable.

Note that most of these tests should eventually be automated by simp-packer, simp-integration_test, or simp-core tests so check there and remove them from these list as they are automated elsewhere.

TestEL6EL7EL8(clients only)6.5StatusNotes
1

Verify non-standard BIOS boot options from the ISO:

  •   choose own partitions
  •   minimum installation
(grey lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)
(SIMP, FIPS and Encryption are all tested by Packer.)
2

Verify all boot Options in UEFI mode from ISO:

  • FIPS
  • no-FIPS
  • FIPS+Encrypted
  • FIPS+choose own partitions
  • minimum
(grey lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)

3PXE Boot Testing BIOS(lightbulb)(lightbulb)(lightbulb)(grey lightbulb)
test booting clients from EL7 server and EL6 server.
4PXE Boot Testing UEFI(lightbulb)(lightbulb)(lightbulb)(grey lightbulb)

5Bootstrap simp-lite scenario(grey lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)

6

Verify simp-lite operations:

  • login operations (PAM, LDAP, local user)
  • NFS operations (home directory)
  • logging operations (rsyslog)
  • auditing operations
(lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)
test EL6 server from and upgraded server. 
7Bootstrap poss scenario(grey lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)

8Bootstrap run-once scenario(grey lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)

9Verify ability to switch FIPS from on to off(lightbulb)(lightbulb)(lightbulb)(grey lightbulb)
Switching from off to on is known to have problems because of ciphers.
10Verify ability to turn on and off auditing and selinux(lightbulb)(lightbulb)(lightbulb)(grey lightbulb)

11

General Review of documentation:

  • Getting Started
  • User Guide
  • HOW TOs
  • FAQS
(grey lightbulb)(grey lightbulb)(grey lightbulb)(lightbulb)

12simp-utils:

executables that are not tested otherwise work as advertised

  • unpack_dvd
(lightbulb)(lightbulb)(grey lightbulb)(grey lightbulb)

The following have acceptance tests that simply need to be executed:

  • gen_ldap_update
  • updaterepos

Open Issues Assigned to Release 6.5.0


Key Summary T Updated Assignee Status Reporter
Loading...
Refresh