Feature/v4 certify

.gitignore

@@ -1,3 +1,6 @@
+cspell.json
+.ansible/*
+.vscode/*
 .DS_Store
 **.DS_Store
 **/ansible.cfg
@@ -8,3 +11,6 @@
 **/*.pem
 **/*.log
 **/*.keep
+inventories/*
+inventories
+certificates/*

CHANGELOG.md

@@ -1,10 +1,21 @@
 # Changelog
 
+## v3.7.2 (January 09, 2026)
+
+* Added retries to epel repo install task https://github.com/itential/itential.deployer/pull/285
+* Change Gateway offline install method to use pip wheel/download  https://github.com/itential/itential.deployer/pull/287
+* Update repository descriptions in README  https://github.com/itential/itential.deployer/pull/283
+* added support for TLS 1.3  https://github.com/itential/itential.deployer/pull/284
+
+Full Changelog: https://github.com/itential/itential.deployer/compare/v3.7.1...v3.7.2 
+
+
 ## v3.7.1 (December 19, 2025)
 
 * Redis config updates  https://github.com/itential/itential.deployer/pull/279
 * Remove old variables that are no longer used  https://github.com/itential/itential.deployer/pull/280
 * Remove platform password encryption  https://github.com/itential/itential.deployer/pull/281
+* Update galaxy version and changelog for release 3.7.1 [skip ci]
 * setting vm swappiness to recommended value 1  https://github.com/itential/itential.deployer/pull/282
 
 Full Changelog: https://github.com/itential/itential.deployer/compare/v3.7.0...v3.7.1 

README.md

@@ -546,7 +546,7 @@ all:
     platform_release: 6
 
   children:
-    redis:
+    redis_master:
       hosts:
         example1.host.com:
 
@@ -715,7 +715,7 @@ all:
     platform_release: 6
 
   children:
-    redis:
+    redis_master:
       hosts:
         example1.host.com:
 
@@ -751,7 +751,7 @@ all:
     platform_release: 6
 
   children:
-    redis:
+    redis_master:
       hosts:
         redis.host.com:
 
@@ -791,13 +791,22 @@ all:
     platform_release: 6
 
   children:
-    redis:
+    redis_master:
       hosts:
         redis1.host.com:
+
+    redis_replica:
+      hosts:
         redis2.host.com:
         redis3.host.com:
       vars:
-        redis_replication_enabled: true
+        redis_replicaof: <master-hostname-or-ip> <redis-port> # defaults to "{{ groups['redis_master'][0] }} {{ redis_port}}"
+
+    redis_sentinel:
+      hosts:
+        sentinel1.host.com:
+        sentinel2.host.com:
+        sentinel3.host.com:
 
     mongodb:
       hosts:
@@ -818,11 +827,11 @@ all:
         platform_mongo_url: mongodb://itential:itential@mongodb1.host.com:27017,mongodb2.host.com:27017,mongodb3.host.com:27017/itential?replicaSet=rs0
         # Redis config
         platform_redis_sentinels:
-          - host: redis1.host.com
+          - host: sentinel1.host.com
             port: 26379
-          - host: redis2.host.com
+          - host: sentinel2.host.com
             port: 26379
-          - host: redis3.host.com
+          - host: rsentinel3.host.com
             port: 26379
 
     gateway:
@@ -885,21 +894,23 @@ all:
     platform_release: 6
 
   children:
-    redis:
+    redis_master:
       hosts:
         datacenter1.redis1.host.com:
-        datacenter1.redis2.host.com:
-        datacenter1.redis3.host.com:
-      vars:
-        redis_replication_enabled: true
 
-    redis_secondary:
+    redis_replica:
       hosts:
+        datacenter1.redis2.host.com:
         datacenter2.redis1.host.com:
         datacenter2.redis2.host.com:
-        datacenter2.redis3.host.com:
       vars:
-        redis_replication_enabled: true
+        redis_replicaof: <master-hostname-or-ip> <redis-port> # defaults to "{{ groups['redis_master'][0] }} {{ redis_port}}"
+
+    redis_sentinel:
+      hosts:
+        datacenter1.sentinel1.host.com:
+        datacenter2.sentinel1.host.com:
+        datacenter3.sentinel1.host.com:
 
     mongodb:
       hosts:
@@ -930,11 +941,11 @@ all:
         platform_redis_sentinel_username: itential
         platform_redis_sentinel_password: <super-secret-password>
         platform_redis_sentinels:
-          - host: datacenter1.redis1.host.com
+          - host: datacenter1.sentinel1.host.com
             port: 26379
-          - host: datacenter1.redis2.host.com
+          - host: datacenter2.sentinel1.host.com
             port: 26379
-          - host: datacenter1.redis3.host.com
+          - host: datacenter3.sentinel1.host.com
             port: 26379
 
     platform_secondary:
@@ -953,11 +964,11 @@ all:
         platform_redis_sentinel_username: itential
         platform_redis_sentinel_password: <super-secret-password>
         platform_redis_sentinels:
-          - host: datacenter2.redis1.host.com
+          - host: datacenter1.sentinel1.host.com
             port: 26379
-          - host: datacenter2.redis2.host.com
+          - host: datacenter2.sentinel1.host.com
             port: 26379
-          - host: datacenter2.redis3.host.com
+          - host: datacenter3.sentinel1.host.com
             port: 26379
 
     gateway:

docs/mongodb_guide.md

@@ -138,6 +138,12 @@ These variables apply to advanced situations.
 | `mongodb_mongod_service_delay` | Integer | The time in seconds between retries when starting the mongod service. | 10 |
 | `mongodb_status_poll` | Integer | The maximum number of times to query for the replicaset status before the set converges or we fail. | 3 |
 | `mongodb_status_interval` | Integer | The number of seconds to wait between polling executions. | 10 |
+| `mongodb_sysctl_file` | String | The name of the MongoDB sysctl file | /etc/sysctl.d/98-mongodb.conf |
+| `mongodb_net_ipv4_tcp_keepalive_time` | Integer | Time (in seconds) that a TCP connection remains idle before the kernel starts sending keepalive probes to verify the connection is still alive. | 300 |
+| `mongodb_net_core_somaxconn` | Integer | Controls the backlog queue size for incoming connections. When the queue is full, new connection attempts are rejected. | 65535 |
+| `mongodb_vm_zone_reclaim_mode` | Integer | Controls whether the kernel reclaims memory from local zones before allocating from remote NUMA nodes. | 0 |
+| `mongodb_vm_swappiness` | Integer | Balances between swapping out anonymous pages (process memory) versus dropping page cache (file system buffers). | 1 |
+| `mongodb_vm_max_map_count` | Integer | Maximum number of memory map areas (virtual memory areas/VMAs) a process can create. | 262144 |
 
 ## Configuring TLS
 

docs/redis_guide.md

@@ -103,9 +103,7 @@ The following tables lists the default variables located in `roles/redis/default
 | `redis_port` | Integer | The Redis listen port. | `6379` |
 | `redis_owner` | String | The Redis Linux user. | `redis` |
 | `redis_group` | String | The Redis Linux group. | `redis` |
-| `redis_bind_ipv6` | Boolean | Flag to enable IPv6. | `true` |
-| `redis_bind_addr_source` | String | The bind address source. Will default to the Ansible `inventory_hostname` unless explicitly set to `default_ipv4_address`. | `inventory_hostname` |
-| `redis_bind_addrs` | String | A space-separated list of hostnames/IP addresses on which Redis listeners will be created. If `redis_bind_ipv6` is set to `true`, `::1` will be added to the addresses. The `redis_bind_addr_source` will also be added to the addresses. | `127.0.0.1` |
+| `redis_bind` | String | A space-separated list of hostnames/IP addresses on which Redis listeners will be created. | `bind 127.0.0.1 {{ ansible_default_ipv4.address }}` |
 | `redis_tls_enabled` | Boolean | Flag to enable TLS connections. | `false` |
 
 ### Auth Variables
@@ -124,11 +122,18 @@ The following tables lists the default variables located in `roles/redis/default
 
 | Variable | Type | Description | Default Value |
 | :------- | :--- | :---------- | :------------ |
-| `redis_replication_enabled` | Boolean | Flag to enable Redis replication. When set to `true`, Redis replication will be configured and the Redis Sentinel service started. | `false` |
-| `redis_sentinel_port` | Integer | The Redis Sentinel listen port | `26379` |
+| `redis_replicaof` | String | The Redis replicaof setting.<br>Use replicaof to make a Redis instance a copy of another Redis server. | "{{ groups['redis_master'][0] }} {{ redis_port}}" |
+
+### Sentinel Variables
+
+| Variable | Type | Description | Default Value |
+| :------- | :--- | :---------- | :------------ |
 | `redis_sentinel_conf_file` | String | The location of the Redis Sentinel configuration file. | `/etc/redis/sentinel.conf` |
 | `redis_sentinel_log` | String | The location of the Redis Sentinel log file. | `/var/log/redis/sentinel.log` |
-| `redis_master_name` | String | The Redis master name | `itentialmaster` |
+| `redis_sentinel_port` | Integer | The Redis Sentinel listen port | `26379` |
+| `redis_sentinel_bind` | String | A space-separated list of hostnames/IP addresses on which Redis listeners will be created. | `bind 127.0.0.1 {{ ansible_default_ipv4.address }}` |
+| `redis_sentinel_master_name` | String | The Redis master name | `itentialmaster` |
+| `redis_sentinel_quorum` | String | The Sentinel quorum setting.<br>Auto-calculate quorum based on sentinel count (recommended).<br>Set to explicit number to override (must be <= number of sentinels). | `auto` |
 
 ### Offline Variables
 
@@ -168,15 +173,15 @@ be found in `roles/redis/vars/platform-release-<platform_release>.yml`.
 
 ## Building Your Inventory
 
-To install and configure Redis, add a `redis` group and host(s) to your inventory.  The following
-inventory shows a basic Redis configuration with a single Redis node with no authentication.
+To install and configure Redis, add a `redis_master` group and host(s) to your inventory.  The following
+inventory shows a basic Redis configuration with a single Redis node with authentication.
 
 ### Example Inventory - Single Redis Node
 
 ```yaml
 all:
   children:
-    redis:
+    redis_master:
       hosts:
         <host1>:
           ansible_host: <addr1>
@@ -189,11 +194,12 @@ all:
 ```yaml
 all:
   children:
-    redis:
+    redis_master:
       hosts:
         <host1>:
           ansible_host: <addr1>
       vars:
+        platform_release: 6
         redis_source_url: https://github.com/redis/redis/archive/7.2.7.tar.gz
 ```
 
@@ -202,7 +208,7 @@ all:
 ```yaml
 all:
   children:
-    redis:
+    redis_master:
       hosts:
         <host1>:
           ansible_host: <addr1>
@@ -211,41 +217,60 @@ all:
         redis_install_from_source: false
 ```
 
-To enable authentication, add the `redis_auth_enabled` flag to the `redis` group and set it to `true`.
+To configure a Redis replica set, add the replica hosts to the `redis_replica` group and configure the `redis_replicaof` variable.
 
-### Example Inventory - Configure Redis Authentication
+### Example Inventory - Configure Redis Replication
 
 ```yaml
 all:
+  vars:
+    platform_release: 6
   children:
-    redis:
+    redis_master:
       hosts:
         <host1>:
           ansible_host: <addr1>
+
+    redis_replica:
+      hosts:
+        <host2>:
+          ansible_host: <addr2>
+        <host3>:
+          ansible_host: <addr3>
       vars:
-        platform_release: 6
-        redis_auth_enabled: true
+        redis_replicaof: <master-hostname-or-ip> <redis-port> # defaults to "{{ groups['redis_master'][0] }} {{ redis_port}}"
 ```
 
-To configure a Redis replica set, add the `redis_replication_enabled` flag to the `redis` group and set it to `true` and add the additional hosts.
-
-### Example Inventory - Configure Redis Replication
+To configure Sentinels, add the sentinel hosts to the `redis_sentinel` group.
 
 ```yaml
 all:
+  vars:
+    platform_release: 6
   children:
-    redis:
+    redis_master:
       hosts:
         <host1>:
           ansible_host: <addr1>
+
+    redis_replica:
+      hosts:
         <host2>:
           ansible_host: <addr2>
         <host3>:
           ansible_host: <addr3>
       vars:
-        platform_release: 6
-        redis_auth_enabled: true
-        redis_replication_enabled: true
+        redis_replicaof: <master-hostname-or-ip> <redis-port> # defaults to "{{ groups['redis_master'][0] }} {{ redis_port}}"
+
+    redis_sentinel:
+      hosts:
+      hosts:
+        <host4>:
+          ansible_host: <addr4>
+        <host5>:
+          ansible_host: <addr5>
+        <host6>:
+          ansible_host: <addr6>
 ```
 
 ## Running the Playbook

galaxy.yml

@@ -8,7 +8,7 @@ namespace: itential
 name: deployer
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 3.7.1
+version: 3.7.2
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

playbooks/certify.yml

@@ -0,0 +1,12 @@
+# Copyright (c) 2026, Itential, Inc
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+---
+
+- name: Certify Redis Installation
+  import_playbook: itential.deployer.certify_redis
+
+- name: Certify MongoDB Installation
+  import_playbook: itential.deployer.certify_mongodb
+
+- name: Certify Platform Installation
+  import_playbook: itential.deployer.certify_platform

playbooks/certify_mongodb.yml

@@ -0,0 +1,13 @@
+# Copyright (c) 2026, Itential, Inc
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+---
+
+- name: Run MongoDB Certification Tasks
+  hosts: mongodb*
+  gather_facts: true
+  become: true
+  tasks:
+    - name: Certify MongoDB Installation  # noqa run-once
+      ansible.builtin.import_role:
+        name: itential.deployer.mongodb
+        tasks_from: certify-mongodb

playbooks/certify_platform.yml

@@ -0,0 +1,13 @@
+# Copyright (c) 2026, Itential, Inc
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+---
+
+- name: Run Platform Certification Tasks
+  hosts: platform*
+  gather_facts: true
+  become: true
+  tasks:
+    - name: Certify Platform Installation  # noqa run-once
+      ansible.builtin.import_role:
+        name: itential.deployer.platform
+        tasks_from: certify-platform