Red Hat SummitChapter 25. System roles
The following chapter contains the most notable changes to system roles between RHEL 8 and RHEL 9.
25.1. Performing system administration tasks with RHEL system roles
As of Red Hat Enterprise Linux 9.0 General Availability (GA) release, RHEL system roles includes the ansible-core 2.12 package. This is a version of Ansible that has only the core functionality - that is, it does not include modules such as blivet for the storage role, gobject for the network role, and plugins such as json_query.
With RHEL system roles, you can take advantage of a configuration interface to remotely manage multiple RHEL systems. As an option to the traditional RHEL system roles format, you can benefit from Ansible Collections, available in the Automation Hub only for Ansible Automation Platform Customers or via RPM package, available for RHEL users.
New RHEL system roles
sudoIn RHEL 9.5, the
sudoRHEL system role has been added to distributesudoconfigurations in an automated manner to all managed nodes.For more details, see the dedicated release note New
sudoRHEL system role, or the resources in the/usr/share/doc/rhel-system-role/sudo/directory.gfs2In RHEL 9.5, the
gfs2RHEL system role has been added to configure Global File System 2 (GFS2) in an automated manner on all managed nodes.For more details, see the dedicated release note Support for configuring GFS2 file systems by using RHEL system roles, or the resources in the
/usr/share/doc/rhel-system-role/gfs2/directory.aideIn RHEL 9.6, the
aideRHEL system role has been added to configure detecting of unauthorized changes in an automated manner on all managed nodes.For more details, see the dedicated release note New RHEL system role:
aide, or the resources in the/usr/share/doc/rhel-system-role/aide/directory.
Support for Ansible Engine 2.9 is no longer available in RHEL 9
Ansible Engine 2.9 is no longer available in Red Hat Enterprise Linux 9. Playbooks that previously ran on Ansible Engine 2.9 might generate error messages related to missing plugins or modules. If your use case for Ansible falls outside of the limited scope of support for Ansible Core provided in RHEL, contact Red Hat to discuss the available offerings.
RHEL system roles now uses Ansible Core
As of the RHEL 9 General Availability release, Ansible Core is provided with a limited scope of support to enable RHEL supported automation use cases. Ansible Core is available in the AppStream repository for RHEL. For details on the scope of support, refer to Scope of support for the Ansible Core package included in the RHEL 9 AppStream.
As of Red Hat Enterprise Linux 9.0, the scope of support for Ansible Core in the RHEL AppStream is limited to any Ansible playbooks, roles, and modules that are included with or generated by a Red Hat product, such as RHEL system roles.
The deprecated --token option of the subscription-manager register command will stop working at the end of November 2024
The default entitlement server, subscription.rhsm.redhat.com, will no longer be allowing token-based authentication from the end of November 2024. As a result, the deprecated --token=<TOKEN> option of the subscription-manager register command will no longer be a supported authentication method. As a consequence, if you use subscription-manager register --token=<TOKEN>, the registration will fail with the following error message:
Token authentication not supported by the entitlement server
Token authentication not supported by the entitlement server
To register your system, use other supported authorization methods, such as including paired options --username / --password OR --org / --activationkey with the subscription-manager register command.
RHEL system roles can be used to manage multiple different versions of RHEL
You can use RHEL system roles as a consistent interface to manage different versions of RHEL. This can help to ease the transition between major versions of RHEL.
RHEL 8 moves to Maintenance Support phase
After the RHEL 8.10 release, RHEL 8 moved to the Maintenance Support phase and will no longer receive new features. As a result, starting with RHEL 9.5, new features will only be available in RHEL 9. Therefore, to get access to the latest enhancements use RHEL 9 for your RHEL system role control nodes.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}