validate-modules: Fix all system modules (#52384)
This PR includes validate-modules fixes for all system modules, except for a few that are deliberately implemented the way they are.
parent
c9eb186a94
commit
8c74df5e67
26 changed files with 568 additions and 495 deletions
|
@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
author:
|
author:
|
||||||
- Joris Weijters (@molekuul)
|
- Joris Weijters (@molekuul)
|
||||||
|
@ -42,7 +42,7 @@ options:
|
||||||
- bootwait
|
- bootwait
|
||||||
- hold
|
- hold
|
||||||
- initdefault
|
- initdefault
|
||||||
- off
|
- 'off'
|
||||||
- once
|
- once
|
||||||
- ondemand
|
- ondemand
|
||||||
- powerfail
|
- powerfail
|
||||||
|
@ -174,7 +174,7 @@ def main():
|
||||||
]),
|
]),
|
||||||
command=dict(type='str', required=True),
|
command=dict(type='str', required=True),
|
||||||
insertafter=dict(type='str'),
|
insertafter=dict(type='str'),
|
||||||
state=dict(type='str', required=True, choices=['absent', 'present']),
|
state=dict(type='str', default='present', choices=['absent', 'present']),
|
||||||
),
|
),
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
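Review bot: The `state` entry in main()'s argument spec changes from `required=True` to `default='present'`, which is a behaviour change inside a commit described as validate-modules fixes: a task that omits `state` previously failed and now proceeds as `present`. The visible choices (`bootwait`, `initdefault`, ...) suggest this module manages init table entries, so a silent default that adds an entry should be visible to users. The `state` option in DOCUMENTATION should carry `default: present` and the change should get a changelog entry; that part of the options block is outside the visible hunks, so it may already be done. main() starts and ends outside the hunk.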
|
|
|
@ -24,6 +24,7 @@ options:
|
||||||
- Specifies the path to the file to be managed.
|
- Specifies the path to the file to be managed.
|
||||||
type: str
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
|
aliases: [ key ]
|
||||||
capability:
|
capability:
|
||||||
description:
|
description:
|
||||||
- Desired capability to set (with operator and flags, if state is C(present)) or remove (if state is C(absent))
|
- Desired capability to set (with operator and flags, if state is C(present)) or remove (if state is C(absent))
|
||||||
|
|
|
@ -15,7 +15,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = """
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: cron
|
module: cron
|
||||||
short_description: Manage cron.d and crontab entries
|
short_description: Manage cron.d and crontab entries
|
||||||
|
@ -27,67 +27,78 @@ description:
|
||||||
which is used by future ansible/module calls to find/check the state. The "name"
|
which is used by future ansible/module calls to find/check the state. The "name"
|
||||||
parameter should be unique, and changing the "name" value will result in a new cron
|
parameter should be unique, and changing the "name" value will result in a new cron
|
||||||
task being created (or a different one being removed).'
|
task being created (or a different one being removed).'
|
||||||
- 'When environment variables are managed: no comment line is added, but, when the module
|
- When environment variables are managed, no comment line is added, but, when the module
|
||||||
needs to find/check the state, it uses the "name" parameter to find the environment
|
needs to find/check the state, it uses the "name" parameter to find the environment
|
||||||
variable definition line.'
|
variable definition line.
|
||||||
- 'When using symbols such as %, they must be properly escaped.'
|
- When using symbols such as %, they must be properly escaped.
|
||||||
version_added: "0.9"
|
version_added: "0.9"
|
||||||
options:
|
options:
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Description of a crontab entry or, if env is set, the name of environment variable.
|
- Description of a crontab entry or, if env is set, the name of environment variable.
|
||||||
Required if state=absent. Note that if name is not set and state=present, then a
|
- Required if C(state=absent).
|
||||||
|
- Note that if name is not set and C(state=present), then a
|
||||||
new crontab entry will always be created, regardless of existing ones.
|
new crontab entry will always be created, regardless of existing ones.
|
||||||
This parameter will always be required in future releases.
|
- This parameter will always be required in future releases.
|
||||||
|
type: str
|
||||||
user:
|
user:
|
||||||
description:
|
description:
|
||||||
- The specific user whose crontab should be modified.
|
- The specific user whose crontab should be modified.
|
||||||
default: root
|
- When unset, this parameter defaults to using C(root).
|
||||||
|
type: str
|
||||||
job:
|
job:
|
||||||
description:
|
description:
|
||||||
- The command to execute or, if env is set, the value of environment variable.
|
- The command to execute or, if env is set, the value of environment variable.
|
||||||
The command should not contain line breaks.
|
- The command should not contain line breaks.
|
||||||
Required if state=present.
|
- Required if C(state=present).
|
||||||
|
type: str
|
||||||
aliases: [ value ]
|
aliases: [ value ]
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Whether to ensure the job or environment variable is present or absent.
|
- Whether to ensure the job or environment variable is present or absent.
|
||||||
|
type: str
|
||||||
choices: [ absent, present ]
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
cron_file:
|
cron_file:
|
||||||
description:
|
description:
|
||||||
- If specified, uses this file instead of an individual user's crontab.
|
- If specified, uses this file instead of an individual user's crontab.
|
||||||
If this is a relative path, it is interpreted with respect to
|
- If this is a relative path, it is interpreted with respect to I(/etc/cron.d).
|
||||||
/etc/cron.d. (If it is absolute, it will typically be /etc/crontab).
|
- If it is absolute, it will typically be I(/etc/crontab).
|
||||||
Many linux distros expect (and some require) the filename portion to consist solely
|
- Many linux distros expect (and some require) the filename portion to consist solely
|
||||||
of upper- and lower-case letters, digits, underscores, and hyphens.
|
of upper- and lower-case letters, digits, underscores, and hyphens.
|
||||||
To use the C(cron_file) parameter you must specify the C(user) as well.
|
- To use the C(cron_file) parameter you must specify the C(user) as well.
|
||||||
|
type: str
|
||||||
backup:
|
backup:
|
||||||
description:
|
description:
|
||||||
- If set, create a backup of the crontab before it is modified.
|
- If set, create a backup of the crontab before it is modified.
|
||||||
The location of the backup is returned in the C(backup_file) variable by this module.
|
The location of the backup is returned in the C(backup_file) variable by this module.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: no
|
||||||
minute:
|
minute:
|
||||||
description:
|
description:
|
||||||
- Minute when the job should run ( 0-59, *, */2, etc )
|
- Minute when the job should run ( 0-59, *, */2, etc )
|
||||||
|
type: str
|
||||||
default: "*"
|
default: "*"
|
||||||
hour:
|
hour:
|
||||||
description:
|
description:
|
||||||
- Hour when the job should run ( 0-23, *, */2, etc )
|
- Hour when the job should run ( 0-23, *, */2, etc )
|
||||||
|
type: str
|
||||||
default: "*"
|
default: "*"
|
||||||
day:
|
day:
|
||||||
description:
|
description:
|
||||||
- Day of the month the job should run ( 1-31, *, */2, etc )
|
- Day of the month the job should run ( 1-31, *, */2, etc )
|
||||||
|
type: str
|
||||||
default: "*"
|
default: "*"
|
||||||
aliases: [ dom ]
|
aliases: [ dom ]
|
||||||
month:
|
month:
|
||||||
description:
|
description:
|
||||||
- Month of the year the job should run ( 1-12, *, */2, etc )
|
- Month of the year the job should run ( 1-12, *, */2, etc )
|
||||||
|
type: str
|
||||||
default: "*"
|
default: "*"
|
||||||
weekday:
|
weekday:
|
||||||
description:
|
description:
|
||||||
- Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
|
- Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
|
||||||
|
type: str
|
||||||
default: "*"
|
default: "*"
|
||||||
aliases: [ dow ]
|
aliases: [ dow ]
|
||||||
reboot:
|
reboot:
|
||||||
|
@ -95,10 +106,11 @@ options:
|
||||||
- If the job should be run at reboot. This option is deprecated. Users should use special_time.
|
- If the job should be run at reboot. This option is deprecated. Users should use special_time.
|
||||||
version_added: "1.0"
|
version_added: "1.0"
|
||||||
type: bool
|
type: bool
|
||||||
default: "no"
|
default: no
|
||||||
special_time:
|
special_time:
|
||||||
description:
|
description:
|
||||||
- Special time specification nickname.
|
- Special time specification nickname.
|
||||||
|
type: str
|
||||||
choices: [ annually, daily, hourly, monthly, reboot, weekly, yearly ]
|
choices: [ annually, daily, hourly, monthly, reboot, weekly, yearly ]
|
||||||
version_added: "1.3"
|
version_added: "1.3"
|
||||||
disabled:
|
disabled:
|
||||||
|
@ -106,24 +118,27 @@ options:
|
||||||
- If the job should be disabled (commented out) in the crontab.
|
- If the job should be disabled (commented out) in the crontab.
|
||||||
- Only has effect if C(state=present).
|
- Only has effect if C(state=present).
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: no
|
||||||
version_added: "2.0"
|
version_added: "2.0"
|
||||||
env:
|
env:
|
||||||
description:
|
description:
|
||||||
- If set, manages a crontab's environment variable. New variables are added on top of crontab.
|
- If set, manages a crontab's environment variable.
|
||||||
"name" and "value" parameters are the name and the value of environment variable.
|
- New variables are added on top of crontab.
|
||||||
|
- C(name) and C(value) parameters are the name and the value of environment variable.
|
||||||
type: bool
|
type: bool
|
||||||
default: "no"
|
default: no
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
insertafter:
|
insertafter:
|
||||||
description:
|
description:
|
||||||
- Used with C(state=present) and C(env). If specified, the environment variable will be
|
- Used with C(state=present) and C(env).
|
||||||
inserted after the declaration of specified environment variable.
|
- If specified, the environment variable will be inserted after the declaration of specified environment variable.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
insertbefore:
|
insertbefore:
|
||||||
description:
|
description:
|
||||||
- Used with C(state=present) and C(env). If specified, the environment variable will be
|
- Used with C(state=present) and C(env).
|
||||||
inserted before the declaration of specified environment variable.
|
- If specified, the environment variable will be inserted before the declaration of specified environment variable.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
requirements:
|
requirements:
|
||||||
- cron
|
- cron
|
||||||
|
@ -133,9 +148,9 @@ author:
|
||||||
- Patrick Callahan (@dirtyharrycallahan)
|
- Patrick Callahan (@dirtyharrycallahan)
|
||||||
- Evan Kaufman (@EvanK)
|
- Evan Kaufman (@EvanK)
|
||||||
- Luca Berruti (@lberruti)
|
- Luca Berruti (@lberruti)
|
||||||
"""
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
|
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
|
||||||
cron:
|
cron:
|
||||||
name: "check dirs"
|
name: "check dirs"
|
||||||
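Review bot: The `user` option loses its structured `default: root` and gains the sentence `When unset, this parameter defaults to using C(root).`, and the two need checking against the code. validate-modules compares documented defaults with the argument spec, so dropping the field suggests the spec has no `root` default; if an unset `user` actually means the account the task runs as, the new sentence misstates whose crontab is edited. I would confirm this against the module and, if so, word it as `- When unset, the crontab of the user running the module is modified.` The same replacement is made for `user` in the cronvar section that follows.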
|
|
|
@ -20,58 +20,65 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = """
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: cronvar
|
module: cronvar
|
||||||
short_description: Manage variables in crontabs
|
short_description: Manage variables in crontabs
|
||||||
description:
|
description:
|
||||||
- Use this module to manage crontab variables. This module allows
|
- Use this module to manage crontab variables.
|
||||||
you to create, update, or delete cron variable definitions.
|
- This module allows you to create, update, or delete cron variable definitions.
|
||||||
version_added: "2.0"
|
version_added: "2.0"
|
||||||
options:
|
options:
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Name of the crontab variable.
|
- Name of the crontab variable.
|
||||||
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
value:
|
value:
|
||||||
description:
|
description:
|
||||||
- The value to set this variable to.
|
- The value to set this variable to.
|
||||||
- Required if C(state=present).
|
- Required if C(state=present).
|
||||||
|
type: str
|
||||||
insertafter:
|
insertafter:
|
||||||
description:
|
description:
|
||||||
- If specified, the variable will be inserted after the variable specified.
|
- If specified, the variable will be inserted after the variable specified.
|
||||||
- Used with C(state=present).
|
- Used with C(state=present).
|
||||||
|
type: str
|
||||||
insertbefore:
|
insertbefore:
|
||||||
description:
|
description:
|
||||||
- Used with C(state=present). If specified, the variable will be inserted
|
- Used with C(state=present). If specified, the variable will be inserted
|
||||||
just before the variable specified.
|
just before the variable specified.
|
||||||
|
type: str
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Whether to ensure that the variable is present or absent.
|
- Whether to ensure that the variable is present or absent.
|
||||||
|
type: str
|
||||||
choices: [ absent, present ]
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
user:
|
user:
|
||||||
description:
|
description:
|
||||||
- The specific user whose crontab should be modified.
|
- The specific user whose crontab should be modified.
|
||||||
default: root
|
- This parameter defaults to C(root) when unset.
|
||||||
|
type: str
|
||||||
cron_file:
|
cron_file:
|
||||||
description:
|
description:
|
||||||
- If specified, uses this file instead of an individual user's crontab.
|
- If specified, uses this file instead of an individual user's crontab.
|
||||||
Without a leading /, this is assumed to be in /etc/cron.d. With a leading
|
- Without a leading C(/), this is assumed to be in I(/etc/cron.d).
|
||||||
/, this is taken as absolute.
|
- With a leading C(/), this is taken as absolute.
|
||||||
|
type: str
|
||||||
backup:
|
backup:
|
||||||
description:
|
description:
|
||||||
- If set, create a backup of the crontab before it is modified.
|
- If set, create a backup of the crontab before it is modified.
|
||||||
The location of the backup is returned in the C(backup) variable by this module.
|
The location of the backup is returned in the C(backup) variable by this module.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: no
|
||||||
requirements:
|
requirements:
|
||||||
- cron
|
- cron
|
||||||
author:
|
author:
|
||||||
- Doug Luce (@dougluce)
|
- Doug Luce (@dougluce)
|
||||||
"""
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists
|
- name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists
|
||||||
cronvar:
|
cronvar:
|
||||||
name: EMAIL
|
name: EMAIL
|
||||||
|
|
|
@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: crypttab
|
module: crypttab
|
||||||
short_description: Encrypted Linux block devices
|
short_description: Encrypted Linux block devices
|
||||||
|
@ -24,38 +24,44 @@ options:
|
||||||
- Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or
|
- Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or
|
||||||
optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/)
|
optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/)
|
||||||
will be stripped from I(name).
|
will be stripped from I(name).
|
||||||
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Use I(present) to add a line to C(/etc/crypttab) or update it's definition
|
- Use I(present) to add a line to C(/etc/crypttab) or update its definition
|
||||||
if already present. Use I(absent) to remove a line with matching I(name).
|
if already present.
|
||||||
Use I(opts_present) to add options to those already present; options with
|
- Use I(absent) to remove a line with matching I(name).
|
||||||
different values will be updated. Use I(opts_absent) to remove options from
|
- Use I(opts_present) to add options to those already present; options with
|
||||||
the existing set.
|
different values will be updated.
|
||||||
|
- Use I(opts_absent) to remove options from the existing set.
|
||||||
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
choices: [ absent, opts_absent, opts_present, present ]
|
choices: [ absent, opts_absent, opts_present, present ]
|
||||||
backing_device:
|
backing_device:
|
||||||
description:
|
description:
|
||||||
- Path to the underlying block device or file, or the UUID of a block-device
|
- Path to the underlying block device or file, or the UUID of a block-device
|
||||||
prefixed with I(UUID=).
|
prefixed with I(UUID=).
|
||||||
|
type: str
|
||||||
password:
|
password:
|
||||||
description:
|
description:
|
||||||
- Encryption password, the path to a file containing the password, or
|
- Encryption password, the path to a file containing the password, or
|
||||||
C(none) or C(-) if the password should be entered at boot.
|
C(-) or unset if the password should be entered at boot.
|
||||||
default: 'none'
|
type: path
|
||||||
opts:
|
opts:
|
||||||
description:
|
description:
|
||||||
- A comma-delimited list of options. See C(crypttab(5) ) for details.
|
- A comma-delimited list of options. See C(crypttab(5) ) for details.
|
||||||
|
type: str
|
||||||
path:
|
path:
|
||||||
description:
|
description:
|
||||||
- Path to file to use instead of C(/etc/crypttab). This might be useful
|
- Path to file to use instead of C(/etc/crypttab).
|
||||||
in a chroot environment.
|
- This might be useful in a chroot environment.
|
||||||
|
type: path
|
||||||
default: /etc/crypttab
|
default: /etc/crypttab
|
||||||
author:
|
author:
|
||||||
- Steve (@groks)
|
- Steve (@groks)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Set the options explicitly a device which must already exist
|
- name: Set the options explicitly a device which must already exist
|
||||||
crypttab:
|
crypttab:
|
||||||
name: luks-home
|
name: luks-home
|
||||||
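Review bot: The `password` option is now documented as `type: path` while its description still allows a literal encryption password. Ansible's `path` type expands `~` and environment variables, so a literal passphrase that starts with `~` or contains `$` could be altered before it is used; the argument spec is outside the visible hunks, so whether it also declares `path` (and `no_log`) cannot be confirmed here. If literal passwords remain supported, a description line such as `- Literal passwords are subject to path expansion; prefer the path to a key file.` would warn users. The documented `C(none)` value was also replaced by "unset", which may surprise playbooks that pass `none` explicitly.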
|
|
|
@ -11,12 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['stableinterface'],
|
'status': ['stableinterface'],
|
||||||
'supported_by': 'core'}
|
'supported_by': 'core'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: debconf
|
module: debconf
|
||||||
short_description: Configure a .deb package
|
short_description: Configure a .deb package
|
||||||
description:
|
description:
|
||||||
- Configure a .deb package using debconf-set-selections. Or just query existing selections.
|
- Configure a .deb package using debconf-set-selections.
|
||||||
|
- Or just query existing selections.
|
||||||
version_added: "1.6"
|
version_added: "1.6"
|
||||||
notes:
|
notes:
|
||||||
- This module requires the command line debconf tools.
|
- This module requires the command line debconf tools.
|
||||||
|
@ -24,37 +25,42 @@ notes:
|
||||||
Use 'debconf-show <package>' on any Debian or derivative with the package
|
Use 'debconf-show <package>' on any Debian or derivative with the package
|
||||||
installed to see questions/settings available.
|
installed to see questions/settings available.
|
||||||
- Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords.
|
- Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords.
|
||||||
requirements: [ debconf, debconf-utils ]
|
requirements:
|
||||||
|
- debconf
|
||||||
|
- debconf-utils
|
||||||
options:
|
options:
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Name of package to configure.
|
- Name of package to configure.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
aliases: [ pkg ]
|
aliases: [ pkg ]
|
||||||
question:
|
question:
|
||||||
description:
|
description:
|
||||||
- A debconf configuration setting.
|
- A debconf configuration setting.
|
||||||
|
type: str
|
||||||
aliases: [ selection, setting ]
|
aliases: [ selection, setting ]
|
||||||
vtype:
|
vtype:
|
||||||
description:
|
description:
|
||||||
- The type of the value supplied.
|
- The type of the value supplied.
|
||||||
- C(seen) was added in 2.2.
|
- C(seen) was added in Ansible 2.2.
|
||||||
choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title, text ]
|
type: str
|
||||||
|
choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title ]
|
||||||
value:
|
value:
|
||||||
description:
|
description:
|
||||||
- Value to set the configuration to.
|
- Value to set the configuration to.
|
||||||
|
type: str
|
||||||
aliases: [ answer ]
|
aliases: [ answer ]
|
||||||
unseen:
|
unseen:
|
||||||
description:
|
description:
|
||||||
- Do not set 'seen' flag when pre-seeding.
|
- Do not set 'seen' flag when pre-seeding.
|
||||||
type: bool
|
type: bool
|
||||||
default: False
|
default: no
|
||||||
author:
|
author:
|
||||||
- Brian Coca (@bcoca)
|
- Brian Coca (@bcoca)
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Set default locale to fr_FR.UTF-8
|
- name: Set default locale to fr_FR.UTF-8
|
||||||
debconf:
|
debconf:
|
||||||
name: locales
|
name: locales
|
||||||
|
|
|
@ -7,12 +7,10 @@
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
|
|
||||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
|
|
||||||
DOCUMENTATION = r'''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: firewalld
|
module: firewalld
|
||||||
|
@ -57,12 +55,11 @@ options:
|
||||||
version_added: "2.8"
|
version_added: "2.8"
|
||||||
zone:
|
zone:
|
||||||
description:
|
description:
|
||||||
- >
|
- The firewalld zone to add/remove to/from.
|
||||||
The firewalld zone to add/remove to/from (NOTE: default zone can be configured per system but "public" is default from upstream.
|
- Note that the default zone can be configured per system but C(public) is default from upstream.
|
||||||
- Available choices can be extended based on per-system configs, listed here are "out of the box" defaults).
|
- Available choices can be extended based on per-system configs, listed here are "out of the box" defaults).
|
||||||
- Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work) ]
|
- Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work) ]
|
||||||
type: str
|
type: str
|
||||||
default: system-default(public)
|
|
||||||
permanent:
|
permanent:
|
||||||
description:
|
description:
|
||||||
- Should this configuration be in the running firewalld configuration or persist across reboots.
|
- Should this configuration be in the running firewalld configuration or persist across reboots.
|
||||||
|
@ -109,8 +106,10 @@ notes:
|
||||||
The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not
|
The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not
|
||||||
permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone
|
permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone
|
||||||
creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
|
creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
|
||||||
requirements: [ 'firewalld >= 0.2.11' ]
|
requirements:
|
||||||
author: "Adam Miller (@maxamillion)"
|
- firewalld >= 0.2.11
|
||||||
|
author:
|
||||||
|
- Adam Miller (@maxamillion)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = r'''
|
EXAMPLES = r'''
|
||||||
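Review bot: In the `zone` description the rewritten text drops the opening `(NOTE:` but the next item still ends with `defaults).`, and the item after it still ends with a stray `]`, so the rendered docs show unbalanced punctuation. The two lines would read `- Available choices can be extended based on per-system configs, listed here are "out of the box" defaults.` and `- Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work).`. Since `default: system-default(public)` is removed, it would also help to state explicitly that an omitted `zone` applies the change to the host's configured default zone (assuming that is what the module does), because that determines where a rule takes effect.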
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
|
||||||
# Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
|
# Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
|
||||||
# Copyright: (c) 2017, Sébastien DA ROCHA <sebastien@da-rocha.net>
|
# Copyright: (c) 2017, Sébastien DA ROCHA <sebastien@da-rocha.net>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
@ -12,7 +12,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'core'}
|
'supported_by': 'core'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: iptables
|
module: iptables
|
||||||
short_description: Modify iptables rules
|
short_description: Modify iptables rules
|
||||||
|
@ -28,60 +28,61 @@ description:
|
||||||
same as the behaviour of the C(iptables) and C(ip6tables) command which
|
same as the behaviour of the C(iptables) and C(ip6tables) command which
|
||||||
this module uses internally.
|
this module uses internally.
|
||||||
notes:
|
notes:
|
||||||
- This module just deals with individual rules. If you need advanced
|
- This module just deals with individual rules.If you need advanced
|
||||||
chaining of rules the recommended way is to template the iptables restore
|
chaining of rules the recommended way is to template the iptables restore
|
||||||
file.
|
file.
|
||||||
options:
|
options:
|
||||||
table:
|
table:
|
||||||
description:
|
description:
|
||||||
- This option specifies the packet matching table which the command
|
- This option specifies the packet matching table which the command should operate on.
|
||||||
should operate on. If the kernel is configured with automatic module
|
- If the kernel is configured with automatic module loading, an attempt will be made
|
||||||
loading, an attempt will be made to load the appropriate module for
|
to load the appropriate module for that table if it is not already there.
|
||||||
that table if it is not already there.
|
type: str
|
||||||
choices: [ filter, nat, mangle, raw, security ]
|
choices: [ filter, nat, mangle, raw, security ]
|
||||||
default: filter
|
default: filter
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Whether the rule should be absent or present.
|
- Whether the rule should be absent or present.
|
||||||
|
type: str
|
||||||
choices: [ absent, present ]
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
action:
|
action:
|
||||||
description:
|
description:
|
||||||
- Whether the rule should be appended at the bottom or inserted at the top.
|
- Whether the rule should be appended at the bottom or inserted at the top.
|
||||||
- If the rule already exists the chain won't be modified.
|
- If the rule already exists the chain will not be modified.
|
||||||
|
type: str
|
||||||
choices: [ append, insert ]
|
choices: [ append, insert ]
|
||||||
default: append
|
default: append
|
||||||
version_added: "2.2"
|
version_added: "2.2"
|
||||||
rule_num:
|
rule_num:
|
||||||
description:
|
description:
|
||||||
- Insert the rule as the given rule number. This works only with
|
- Insert the rule as the given rule number.
|
||||||
action = 'insert'.
|
- This works only with C(action=insert).
|
||||||
|
type: str
|
||||||
version_added: "2.5"
|
version_added: "2.5"
|
||||||
ip_version:
|
ip_version:
|
||||||
description:
|
description:
|
||||||
- Which version of the IP protocol this rule should apply to.
|
- Which version of the IP protocol this rule should apply to.
|
||||||
|
type: str
|
||||||
choices: [ ipv4, ipv6 ]
|
choices: [ ipv4, ipv6 ]
|
||||||
default: ipv4
|
default: ipv4
|
||||||
chain:
|
chain:
|
||||||
description:
|
description:
|
||||||
- "Specify the iptables chain to modify. This could be a user-defined chain or one of the standard iptables chains:"
|
- Specify the iptables chain to modify.
|
||||||
- C(INPUT)
|
- This could be a user-defined chain or one of the standard iptables chains, like
|
||||||
- C(FORWARD)
|
C(INPUT), C(FORWARD), C(OUTPUT), C(PREROUTING), C(POSTROUTING), C(SECMARK) or C(CONNSECMARK).
|
||||||
- C(OUTPUT)
|
type: str
|
||||||
- C(PREROUTING)
|
|
||||||
- C(POSTROUTING)
|
|
||||||
- C(SECMARK)
|
|
||||||
- C(CONNSECMARK)
|
|
||||||
protocol:
|
protocol:
|
||||||
description:
|
description:
|
||||||
- The protocol of the rule or of the packet to check.
|
- The protocol of the rule or of the packet to check.
|
||||||
- The specified protocol can be one of tcp, udp, udplite, icmp, esp,
|
- The specified protocol can be one of C(tcp), C(udp), C(udplite), C(icmp), C(esp),
|
||||||
ah, sctp or the special keyword "all", or it can be a numeric value,
|
C(ah), C(sctp) or the special keyword C(all), or it can be a numeric value,
|
||||||
representing one of these protocols or a different one. A protocol
|
representing one of these protocols or a different one.
|
||||||
name from /etc/protocols is also allowed. A "!" argument before the
|
- A protocol name from I(/etc/protocols) is also allowed.
|
||||||
protocol inverts the test. The number zero is equivalent to all.
|
- A C(!) argument before the protocol inverts the test.
|
||||||
"all" will match with all protocols and is taken as default when this
|
- The number zero is equivalent to all.
|
||||||
option is omitted.
|
- C(all) will match with all protocols and is taken as default when this option is omitted.
|
||||||
|
type: str
|
||||||
source:
|
source:
|
||||||
description:
|
description:
|
||||||
- Source specification.
|
- Source specification.
|
||||||
|
@ -92,8 +93,9 @@ options:
|
||||||
a remote query such as DNS is a really bad idea.
|
a remote query such as DNS is a really bad idea.
|
||||||
- The mask can be either a network mask or a plain number, specifying
|
- The mask can be either a network mask or a plain number, specifying
|
||||||
the number of 1's at the left side of the network mask. Thus, a mask
|
the number of 1's at the left side of the network mask. Thus, a mask
|
||||||
of 24 is equivalent to 255.255.255.0. A "!" argument before the
|
of 24 is equivalent to 255.255.255.0. A C(!) argument before the
|
||||||
address specification inverts the sense of the address.
|
address specification inverts the sense of the address.
|
||||||
|
type: str
|
||||||
destination:
|
destination:
|
||||||
description:
|
description:
|
||||||
- Destination specification.
|
- Destination specification.
|
||||||
|
@ -104,82 +106,96 @@ options:
|
||||||
a remote query such as DNS is a really bad idea.
|
a remote query such as DNS is a really bad idea.
|
||||||
- The mask can be either a network mask or a plain number, specifying
|
- The mask can be either a network mask or a plain number, specifying
|
||||||
the number of 1's at the left side of the network mask. Thus, a mask
|
the number of 1's at the left side of the network mask. Thus, a mask
|
||||||
of 24 is equivalent to 255.255.255.0. A "!" argument before the
|
of 24 is equivalent to 255.255.255.0. A C(!) argument before the
|
||||||
address specification inverts the sense of the address.
|
address specification inverts the sense of the address.
|
||||||
|
type: str
|
||||||
tcp_flags:
|
tcp_flags:
|
||||||
description:
|
description:
|
||||||
- TCP flags specification.
|
- TCP flags specification.
|
||||||
- C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set).
|
- C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set).
|
||||||
|
type: dict
|
||||||
default: {}
|
default: {}
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
suboptions:
|
suboptions:
|
||||||
flags:
|
flags:
|
||||||
description:
|
description:
|
||||||
- List of flags you want to examine.
|
- List of flags you want to examine.
|
||||||
|
type: list
|
||||||
flags_set:
|
flags_set:
|
||||||
description:
|
description:
|
||||||
- Flags to be set.
|
- Flags to be set.
|
||||||
|
type: list
|
||||||
match:
|
match:
|
||||||
description:
|
description:
|
||||||
- Specifies a match to use, that is, an extension module that tests for
|
- Specifies a match to use, that is, an extension module that tests for
|
||||||
a specific property. The set of matches make up the condition under
|
a specific property.
|
||||||
which a target is invoked. Matches are evaluated first to last if
|
- The set of matches make up the condition under which a target is invoked.
|
||||||
specified as an array and work in short-circuit fashion, i.e. if one
|
- Matches are evaluated first to last if specified as an array and work in short-circuit
|
||||||
extension yields false, evaluation will stop.
|
fashion, i.e. if one extension yields false, evaluation will stop.
|
||||||
|
type: list
|
||||||
default: []
|
default: []
|
||||||
jump:
|
jump:
|
||||||
description:
|
description:
|
||||||
- This specifies the target of the rule; i.e., what to do if the packet
|
- This specifies the target of the rule; i.e., what to do if the packet matches it.
|
||||||
matches it. The target can be a user-defined chain (other than the one
|
- The target can be a user-defined chain (other than the one
|
||||||
this rule is in), one of the special builtin targets which decide the
|
this rule is in), one of the special builtin targets which decide the
|
||||||
fate of the packet immediately, or an extension (see EXTENSIONS
|
fate of the packet immediately, or an extension (see EXTENSIONS
|
||||||
below). If this option is omitted in a rule (and the goto parameter
|
below).
|
||||||
|
- If this option is omitted in a rule (and the goto parameter
|
||||||
is not used), then matching the rule will have no effect on the
|
is not used), then matching the rule will have no effect on the
|
||||||
packet's fate, but the counters on the rule will be incremented.
|
packet's fate, but the counters on the rule will be incremented.
|
||||||
|
type: str
|
||||||
log_prefix:
|
log_prefix:
|
||||||
description:
|
description:
|
||||||
- Specifies a log text for the rule. Only make sense with a LOG jump.
|
- Specifies a log text for the rule. Only make sense with a LOG jump.
|
||||||
|
type: str
|
||||||
version_added: "2.5"
|
version_added: "2.5"
|
||||||
goto:
|
goto:
|
||||||
description:
|
description:
|
||||||
- This specifies that the processing should continue in a user specified
|
- This specifies that the processing should continue in a user specified chain.
|
||||||
chain. Unlike the jump argument return will not continue processing in
|
- Unlike the jump argument return will not continue processing in
|
||||||
this chain but instead in the chain that called us via jump.
|
this chain but instead in the chain that called us via jump.
|
||||||
|
type: str
|
||||||
in_interface:
|
in_interface:
|
||||||
description:
|
description:
|
||||||
- Name of an interface via which a packet was received (only for packets
|
- Name of an interface via which a packet was received (only for packets
|
||||||
entering the INPUT, FORWARD and PREROUTING chains). When the "!"
|
entering the C(INPUT), C(FORWARD) and C(PREROUTING) chains).
|
||||||
argument is used before the interface name, the sense is inverted. If
|
- When the C(!) argument is used before the interface name, the sense is inverted.
|
||||||
the interface name ends in a "+", then any interface which begins with
|
- If the interface name ends in a C(+), then any interface which begins with
|
||||||
this name will match. If this option is omitted, any interface name
|
this name will match.
|
||||||
will match.
|
- If this option is omitted, any interface name will match.
|
||||||
|
type: str
|
||||||
out_interface:
|
out_interface:
|
||||||
description:
|
description:
|
||||||
- Name of an interface via which a packet is going to be sent (for
|
- Name of an interface via which a packet is going to be sent (for
|
||||||
packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the
|
packets entering the C(FORWARD), C(OUTPUT) and C(POSTROUTING) chains).
|
||||||
"!" argument is used before the interface name, the sense is inverted.
|
- When the C(!) argument is used before the interface name, the sense is inverted.
|
||||||
If the interface name ends in a "+", then any interface which begins
|
- If the interface name ends in a C(+), then any interface which begins
|
||||||
with this name will match. If this option is omitted, any interface
|
with this name will match.
|
||||||
name will match.
|
- If this option is omitted, any interface name will match.
|
||||||
|
type: str
|
||||||
fragment:
|
fragment:
|
||||||
description:
|
description:
|
||||||
- This means that the rule only refers to second and further fragments
|
- This means that the rule only refers to second and further fragments
|
||||||
of fragmented packets. Since there is no way to tell the source or
|
of fragmented packets.
|
||||||
destination ports of such a packet (or ICMP type), such a packet will
|
- Since there is no way to tell the source or destination ports of such
|
||||||
not match any rules which specify them. When the "!" argument precedes
|
a packet (or ICMP type), such a packet will not match any rules which specify them.
|
||||||
fragment argument, the rule will only match head fragments, or
|
- When the "!" argument precedes fragment argument, the rule will only match head fragments,
|
||||||
unfragmented packets.
|
or unfragmented packets.
|
||||||
|
type: str
|
||||||
set_counters:
|
set_counters:
|
||||||
description:
|
description:
|
||||||
- This enables the administrator to initialize the packet and byte
|
- This enables the administrator to initialize the packet and byte
|
||||||
counters of a rule (during INSERT, APPEND, REPLACE operations).
|
counters of a rule (during C(INSERT), C(APPEND), C(REPLACE) operations).
|
||||||
|
type: str
|
||||||
source_port:
|
source_port:
|
||||||
description:
|
description:
|
||||||
- Source port or port range specification. This can either be a service
|
- Source port or port range specification.
|
||||||
name or a port number. An inclusive range can also be specified, using
|
- This can either be a service name or a port number.
|
||||||
the format first:last. If the first port is omitted, '0' is assumed;
|
- An inclusive range can also be specified, using the format C(first:last).
|
||||||
if the last is omitted, '65535' is assumed. If the first port is
|
- If the first port is omitted, C(0) is assumed; if the last is omitted, C(65535) is assumed.
|
||||||
greater than the second one they will be swapped.
|
- If the first port is greater than the second one they will be swapped.
|
||||||
|
type: str
|
||||||
destination_port:
|
destination_port:
|
||||||
description:
|
description:
|
||||||
- "Destination port or port range specification. This can either be
|
- "Destination port or port range specification. This can either be
|
||||||
|
@ -189,27 +205,32 @@ options:
|
||||||
first port is greater than the second one they will be swapped.
|
first port is greater than the second one they will be swapped.
|
||||||
This is only valid if the rule also specifies one of the following
|
This is only valid if the rule also specifies one of the following
|
||||||
protocols: tcp, udp, dccp or sctp."
|
protocols: tcp, udp, dccp or sctp."
|
||||||
|
type: str
|
||||||
to_ports:
|
to_ports:
|
||||||
description:
|
description:
|
||||||
- "This specifies a destination port or range of ports to use: without
|
- This specifies a destination port or range of ports to use, without
|
||||||
this, the destination port is never altered. This is only valid if the
|
this, the destination port is never altered.
|
||||||
rule also specifies one of the following protocols: tcp, udp, dccp or
|
- This is only valid if the rule also specifies one of the protocol
|
||||||
sctp."
|
C(tcp), C(udp), C(dccp) or C(sctp).
|
||||||
|
type: str
|
||||||
to_destination:
|
to_destination:
|
||||||
description:
|
description:
|
||||||
- This specifies a destination address to use with DNAT.
|
- This specifies a destination address to use with C(DNAT).
|
||||||
- Without this, the destination address is never altered.
|
- Without this, the destination address is never altered.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
to_source:
|
to_source:
|
||||||
description:
|
description:
|
||||||
- This specifies a source address to use with SNAT.
|
- This specifies a source address to use with C(SNAT).
|
||||||
- Without this, the source address is never altered.
|
- Without this, the source address is never altered.
|
||||||
|
type: str
|
||||||
version_added: "2.2"
|
version_added: "2.2"
|
||||||
syn:
|
syn:
|
||||||
description:
|
description:
|
||||||
- This allows matching packets that have the SYN bit set and the ACK
|
- This allows matching packets that have the SYN bit set and the ACK
|
||||||
and RST bits unset.
|
and RST bits unset.
|
||||||
- When negated, this matches all packets with the RST or the ACK bits set.
|
- When negated, this matches all packets with the RST or the ACK bits set.
|
||||||
|
type: str
|
||||||
choices: [ ignore, match, negate ]
|
choices: [ ignore, match, negate ]
|
||||||
default: ignore
|
default: ignore
|
||||||
version_added: "2.5"
|
version_added: "2.5"
|
||||||
|
@ -218,28 +239,24 @@ options:
|
||||||
- This allows specifying a DSCP mark to be added to packets.
|
- This allows specifying a DSCP mark to be added to packets.
|
||||||
It takes either an integer or hex value.
|
It takes either an integer or hex value.
|
||||||
- Mutually exclusive with C(set_dscp_mark_class).
|
- Mutually exclusive with C(set_dscp_mark_class).
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
set_dscp_mark_class:
|
set_dscp_mark_class:
|
||||||
description:
|
description:
|
||||||
- This allows specifying a predefined DiffServ class which will be
|
- This allows specifying a predefined DiffServ class which will be
|
||||||
translated to the corresponding DSCP mark.
|
translated to the corresponding DSCP mark.
|
||||||
- Mutually exclusive with C(set_dscp_mark).
|
- Mutually exclusive with C(set_dscp_mark).
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
comment:
|
comment:
|
||||||
description:
|
description:
|
||||||
- This specifies a comment that will be added to the rule.
|
- This specifies a comment that will be added to the rule.
|
||||||
|
type: str
|
||||||
ctstate:
|
ctstate:
|
||||||
description:
|
description:
|
||||||
- "C(ctstate) is a list of the connection states to match in the conntrack
|
- C(ctstate) is a list of the connection states to match in the conntrack module.
|
||||||
module. Possible states are:"
|
- Possible states are C(INVALID), C(NEW), C(ESTABLISHED), C(RELATED), C(UNTRACKED), C(SNAT), C(DNAT)
|
||||||
- C(INVALID)
|
type: list
|
||||||
- C(NEW)
|
|
||||||
- C(ESTABLISHED)
|
|
||||||
- C(RELATED)
|
|
||||||
- C(UNTRACKED)
|
|
||||||
- C(SNAT)
|
|
||||||
- C(DNAT)
|
|
||||||
choices: [ DNAT, ESTABLISHED, INVALID, NEW, RELATED, SNAT, UNTRACKED ]
|
|
||||||
default: []
|
default: []
|
||||||
limit:
|
limit:
|
||||||
description:
|
description:
|
||||||
|
@ -247,54 +264,60 @@ options:
|
||||||
- The number can specify units explicitly, using `/second', `/minute',
|
- The number can specify units explicitly, using `/second', `/minute',
|
||||||
`/hour' or `/day', or parts of them (so `5/second' is the same as
|
`/hour' or `/day', or parts of them (so `5/second' is the same as
|
||||||
`5/s').
|
`5/s').
|
||||||
|
type: str
|
||||||
limit_burst:
|
limit_burst:
|
||||||
description:
|
description:
|
||||||
- Specifies the maximum burst before the above limit kicks in.
|
- Specifies the maximum burst before the above limit kicks in.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
uid_owner:
|
uid_owner:
|
||||||
description:
|
description:
|
||||||
- Specifies the UID or username to use in match by owner rule. From
|
- Specifies the UID or username to use in match by owner rule.
|
||||||
Ansible 2.6 when the C(!) argument is prepended then the it inverts
|
- From Ansible 2.6 when the C(!) argument is prepended then the it inverts
|
||||||
the rule to apply instead to all users except that one specified.
|
the rule to apply instead to all users except that one specified.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
reject_with:
|
reject_with:
|
||||||
description:
|
description:
|
||||||
- 'Specifies the error packet type to return while rejecting. It implies
|
- 'Specifies the error packet type to return while rejecting. It implies
|
||||||
"jump: REJECT"'
|
"jump: REJECT"'
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
icmp_type:
|
icmp_type:
|
||||||
description:
|
description:
|
||||||
- This allows specification of the ICMP type, which can be a numeric
|
- This allows specification of the ICMP type, which can be a numeric
|
||||||
ICMP type, type/code pair, or one of the ICMP type names shown by the
|
ICMP type, type/code pair, or one of the ICMP type names shown by the
|
||||||
command 'iptables -p icmp -h'
|
command 'iptables -p icmp -h'
|
||||||
|
type: str
|
||||||
version_added: "2.2"
|
version_added: "2.2"
|
||||||
flush:
|
flush:
|
||||||
description:
|
description:
|
||||||
- Flushes the specified table and chain of all rules.
|
- Flushes the specified table and chain of all rules.
|
||||||
- If no chain is specified then the entire table is purged.
|
- If no chain is specified then the entire table is purged.
|
||||||
- Ignores all other parameters.
|
- Ignores all other parameters.
|
||||||
version_added: "2.2"
|
|
||||||
type: bool
|
type: bool
|
||||||
|
version_added: "2.2"
|
||||||
policy:
|
policy:
|
||||||
description:
|
description:
|
||||||
- Set the policy for the chain to the given target.
|
- Set the policy for the chain to the given target.
|
||||||
- Only built-in chains can have policies.
|
- Only built-in chains can have policies.
|
||||||
- This parameter requires the C(chain) parameter.
|
- This parameter requires the C(chain) parameter.
|
||||||
- Ignores all other parameters.
|
- Ignores all other parameters.
|
||||||
|
type: str
|
||||||
choices: [ ACCEPT, DROP, QUEUE, RETURN ]
|
choices: [ ACCEPT, DROP, QUEUE, RETURN ]
|
||||||
version_added: "2.2"
|
version_added: "2.2"
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
# Block specific IP
|
- name: Block specific IP
|
||||||
- iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
source: 8.8.8.8
|
source: 8.8.8.8
|
||||||
jump: DROP
|
jump: DROP
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
# Forward port 80 to 8600
|
- name: Forward port 80 to 8600
|
||||||
- iptables:
|
iptables:
|
||||||
table: nat
|
table: nat
|
||||||
chain: PREROUTING
|
chain: PREROUTING
|
||||||
in_interface: eth0
|
in_interface: eth0
|
||||||
|
@ -306,15 +329,15 @@ EXAMPLES = '''
|
||||||
comment: Redirect web traffic to port 8600
|
comment: Redirect web traffic to port 8600
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
# Allow related and established connections
|
- name: Allow related and established connections
|
||||||
- iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
ctstate: ESTABLISHED,RELATED
|
ctstate: ESTABLISHED,RELATED
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
# Allow new incoming SYN packets on TCP port 22 (SSH).
|
- name: Allow new incoming SYN packets on TCP port 22 (SSH).
|
||||||
- iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
destination_port: 22
|
destination_port: 22
|
||||||
|
@ -323,44 +346,44 @@ EXAMPLES = '''
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
comment: Accept new SSH connections.
|
comment: Accept new SSH connections.
|
||||||
|
|
||||||
# Tag all outbound tcp packets with DSCP mark 8
|
- name: Tag all outbound tcp packets with DSCP mark 8
|
||||||
- iptables:
|
iptables:
|
||||||
chain: OUTPUT
|
chain: OUTPUT
|
||||||
jump: DSCP
|
jump: DSCP
|
||||||
table: mangle
|
table: mangle
|
||||||
set_dscp_mark: 8
|
set_dscp_mark: 8
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
|
|
||||||
# Tag all outbound tcp packets with DSCP DiffServ class CS1
|
- name: Tag all outbound tcp packets with DSCP DiffServ class CS1
|
||||||
- iptables:
|
iptables:
|
||||||
chain: OUTPUT
|
chain: OUTPUT
|
||||||
jump: DSCP
|
jump: DSCP
|
||||||
table: mangle
|
table: mangle
|
||||||
set_dscp_mark_class: CS1
|
set_dscp_mark_class: CS1
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
|
|
||||||
# Insert a rule on line 5
|
- name: Insert a rule on line 5
|
||||||
- iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
destination_port: 8080
|
destination_port: 8080
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
rule_num: 5
|
rule_num: 5
|
||||||
|
|
||||||
# Set the policy for the INPUT chain to DROP
|
- name: Set the policy for the INPUT chain to DROP
|
||||||
- iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
policy: DROP
|
policy: DROP
|
||||||
|
|
||||||
# Reject tcp with tcp-reset
|
- name: Reject tcp with tcp-reset
|
||||||
- iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
reject_with: tcp-reset
|
reject_with: tcp-reset
|
||||||
ip_version: ipv4
|
ip_version: ipv4
|
||||||
|
|
||||||
# Set tcp flags
|
- name: Set tcp flags
|
||||||
- iptables:
|
iptables:
|
||||||
chain: OUTPUT
|
chain: OUTPUT
|
||||||
jump: DROP
|
jump: DROP
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
|
@ -381,7 +404,7 @@ EXAMPLES = '''
|
||||||
- name: iptables flush nat
|
- name: iptables flush nat
|
||||||
iptables:
|
iptables:
|
||||||
table: nat
|
table: nat
|
||||||
chain: "{{ item }}"
|
chain: '{{ item }}'
|
||||||
flush: yes
|
flush: yes
|
||||||
with_items: [ 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING' ]
|
with_items: [ 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING' ]
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
#
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright: (c) 2013, RSD Services S.A
|
# Copyright: (c) 2013, RSD Services S.A
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
|
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: java_cert
|
module: java_cert
|
||||||
version_added: '2.3'
|
version_added: '2.3'
|
||||||
|
@ -21,62 +22,75 @@ description:
|
||||||
options:
|
options:
|
||||||
cert_url:
|
cert_url:
|
||||||
description:
|
description:
|
||||||
- Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate.
|
- Basic URL to fetch SSL certificate from.
|
||||||
|
- One of iC(cert_url) or C(cert_path) is required to load certificate.
|
||||||
|
type: str
|
||||||
cert_port:
|
cert_port:
|
||||||
description:
|
description:
|
||||||
- Port to connect to URL. This will be used to create server URL:PORT
|
- Port to connect to URL.
|
||||||
|
- This will be used to create server URL:PORT.
|
||||||
|
type: int
|
||||||
default: 443
|
default: 443
|
||||||
cert_path:
|
cert_path:
|
||||||
description:
|
description:
|
||||||
- Local path to load certificate from. One of cert_url or cert_path is required to load certificate.
|
- Local path to load certificate from.
|
||||||
|
- One of cert_url or cert_path is required to load certificate.
|
||||||
|
type: path
|
||||||
cert_alias:
|
cert_alias:
|
||||||
description:
|
description:
|
||||||
- Imported certificate alias. The alias is used when checking for the
|
- Imported certificate alias.
|
||||||
presence of a certificate in the keystore.
|
- The alias is used when checking for the presence of a certificate in the keystore.
|
||||||
|
type: str
|
||||||
pkcs12_path:
|
pkcs12_path:
|
||||||
description:
|
description:
|
||||||
- Local path to load PKCS12 keystore from.
|
- Local path to load PKCS12 keystore from.
|
||||||
|
type: path
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
pkcs12_password:
|
pkcs12_password:
|
||||||
description:
|
description:
|
||||||
- Password for importing from PKCS12 keystore.
|
- Password for importing from PKCS12 keystore.
|
||||||
|
type: str
|
||||||
default: ''
|
default: ''
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
pkcs12_alias:
|
pkcs12_alias:
|
||||||
description:
|
description:
|
||||||
- Alias in the PKCS12 keystore.
|
- Alias in the PKCS12 keystore.
|
||||||
default: 1
|
type: str
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
keystore_path:
|
keystore_path:
|
||||||
description:
|
description:
|
||||||
- Path to keystore.
|
- Path to keystore.
|
||||||
|
type: path
|
||||||
keystore_pass:
|
keystore_pass:
|
||||||
description:
|
description:
|
||||||
- Keystore password.
|
- Keystore password.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
keystore_create:
|
keystore_create:
|
||||||
description:
|
description:
|
||||||
- Create keystore if it doesn't exist
|
- Create keystore if it does not exist.
|
||||||
type: bool
|
type: bool
|
||||||
keystore_type:
|
keystore_type:
|
||||||
description:
|
description:
|
||||||
- Keystore type (JCEKS, JKS).
|
- Keystore type (JCEKS, JKS).
|
||||||
default: None
|
type: str
|
||||||
version_added: "2.8"
|
version_added: "2.8"
|
||||||
executable:
|
executable:
|
||||||
description:
|
description:
|
||||||
- Path to keytool binary if not used we search in PATH for it.
|
- Path to keytool binary if not used we search in PATH for it.
|
||||||
|
type: str
|
||||||
default: keytool
|
default: keytool
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Defines action which can be either certificate import or removal.
|
- Defines action which can be either certificate import or removal.
|
||||||
|
type: str
|
||||||
choices: [ absent, present ]
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
author:
|
author:
|
||||||
- Adam Hamsik (@haad)
|
- Adam Hamsik (@haad)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Import SSL certificate from google.com to a given cacerts keystore
|
- name: Import SSL certificate from google.com to a given cacerts keystore
|
||||||
java_cert:
|
java_cert:
|
||||||
cert_url: google.com
|
cert_url: google.com
|
||||||
|
@ -123,7 +137,7 @@ EXAMPLES = '''
|
||||||
state: present
|
state: present
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = r'''
|
||||||
msg:
|
msg:
|
||||||
description: Output from stdout of keytool command after execution of given command.
|
description: Output from stdout of keytool command after execution of given command.
|
||||||
returned: success
|
returned: success
|
||||||
|
@ -131,13 +145,13 @@ msg:
|
||||||
sample: "Module require existing keystore at keystore_path '/tmp/test/cacerts'"
|
sample: "Module require existing keystore at keystore_path '/tmp/test/cacerts'"
|
||||||
|
|
||||||
rc:
|
rc:
|
||||||
description: Keytool command execution return value
|
description: Keytool command execution return value.
|
||||||
returned: success
|
returned: success
|
||||||
type: int
|
type: int
|
||||||
sample: "0"
|
sample: "0"
|
||||||
|
|
||||||
cmd:
|
cmd:
|
||||||
description: Executed command to get action done
|
description: Executed command to get action done.
|
||||||
returned: success
|
returned: success
|
||||||
type: str
|
type: str
|
||||||
sample: "keytool -importcert -noprompt -keystore"
|
sample: "keytool -importcert -noprompt -keystore"
|
||||||
|
@ -310,11 +324,11 @@ def main():
|
||||||
pkcs12_password=dict(type='str', no_log=True),
|
pkcs12_password=dict(type='str', no_log=True),
|
||||||
pkcs12_alias=dict(type='str'),
|
pkcs12_alias=dict(type='str'),
|
||||||
cert_alias=dict(type='str'),
|
cert_alias=dict(type='str'),
|
||||||
cert_port=dict(type='int', default='443'),
|
cert_port=dict(type='int', default=443),
|
||||||
keystore_path=dict(type='path'),
|
keystore_path=dict(type='path'),
|
||||||
keystore_pass=dict(type='str', required=True, no_log=True),
|
keystore_pass=dict(type='str', required=True, no_log=True),
|
||||||
keystore_create=dict(type='bool', default=False),
|
keystore_create=dict(type='bool', default=False),
|
||||||
keystore_type=dict(type='str', default=None),
|
keystore_type=dict(type='str'),
|
||||||
executable=dict(type='str', default='keytool'),
|
executable=dict(type='str', default='keytool'),
|
||||||
state=dict(type='str', default='present', choices=['absent', 'present']),
|
state=dict(type='str', default='present', choices=['absent', 'present']),
|
||||||
)
|
)
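Review bot: The rewritten `cert_url` description contains a markup typo, `iC(cert_url)`, which will appear literally in the rendered docs; it should read `- One of C(cert_url) or C(cert_path) is required to load certificate.`, and the matching line under `cert_path` should use the same markup instead of bare names. The documentation also still lists `default: ''` for `pkcs12_password`, while its `argument_spec` entry in the last hunk is `dict(type='str', no_log=True)` with no default, so one of the two needs to change. `keystore_create` has the reverse gap: the spec sets `default=False` but the docs give no default. The body of `main()` continues outside the last hunk, so how an unset `pkcs12_password` is handled cannot be confirmed from here.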
|
||||||
|
|
|
@ -1,23 +1,22 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
|
# Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
|
|
||||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
|
DOCUMENTATION = r'''
|
||||||
DOCUMENTATION = '''
|
|
||||||
---
|
---
|
||||||
module: make
|
module: make
|
||||||
short_description: Run targets in a Makefile
|
short_description: Run targets in a Makefile
|
||||||
requirements: [ make ]
|
requirements:
|
||||||
|
- make
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
author: Linus Unnebäck (@LinusU) <linus@folkdatorn.se>
|
author: Linus Unnebäck (@LinusU) <linus@folkdatorn.se>
|
||||||
description:
|
description:
|
||||||
|
@ -26,21 +25,25 @@ options:
|
||||||
target:
|
target:
|
||||||
description:
|
description:
|
||||||
- The target to run.
|
- The target to run.
|
||||||
- "Examples: C(install) or C(test)"
|
- Typically this would be something like C(install),C(test) or C(all)."
|
||||||
|
type: str
|
||||||
params:
|
params:
|
||||||
description:
|
description:
|
||||||
- Any extra parameters to pass to make
|
- Any extra parameters to pass to make.
|
||||||
|
type: dict
|
||||||
chdir:
|
chdir:
|
||||||
description:
|
description:
|
||||||
- Change to this directory before running make
|
- Change to this directory before running make.
|
||||||
|
type: path
|
||||||
required: true
|
required: true
|
||||||
file:
|
file:
|
||||||
description:
|
description:
|
||||||
- Use a custom Makefile
|
- Use a custom Makefile.
|
||||||
version_added: 2.5
|
type: path
|
||||||
|
version_added: '2.5'
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Build the default target
|
- name: Build the default target
|
||||||
make:
|
make:
|
||||||
chdir: /home/ubuntu/cool-project
|
chdir: /home/ubuntu/cool-project
|
||||||
|
@ -66,9 +69,7 @@ EXAMPLES = '''
|
||||||
file: /some-project/Makefile
|
file: /some-project/Makefile
|
||||||
'''
|
'''
|
||||||
|
|
||||||
# TODO: Disabled the RETURN as it was breaking docs building. Someone needs to
|
RETURN = r'''# '''
|
||||||
# fix this
|
|
||||||
RETURN = '''# '''
|
|
||||||
|
|
||||||
from ansible.module_utils.six import iteritems
|
from ansible.module_utils.six import iteritems
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
|
@ -105,13 +106,13 @@ def sanitize_output(output):
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
supports_check_mode=True,
|
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
target=dict(required=False, default=None, type='str'),
|
target=dict(type='str'),
|
||||||
params=dict(required=False, default=None, type='dict'),
|
params=dict(type='dict'),
|
||||||
chdir=dict(required=True, default=None, type='path'),
|
chdir=dict(type='path', required=True),
|
||||||
file=dict(required=False, default=None, type='path')
|
file=dict(type='path'),
|
||||||
),
|
),
|
||||||
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
# Build up the invocation of `make` we are going to use
|
# Build up the invocation of `make` we are going to use
|
||||||
# For non-Linux OSes, prefer gmake (GNU make) over make
|
# For non-Linux OSes, prefer gmake (GNU make) over make
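Review bot: The new `target` description line ends in a stray double quote and is missing a space after the first comma, apparently left over from the previously quoted string: `- Typically this would be something like C(install),C(test) or C(all)."`. It should still parse as a plain YAML scalar, but the quote will show up in the rendered documentation. I would change it to `- Typically this would be something like C(install), C(test) or C(all).`. The DOCUMENTATION string is only partly visible across these hunks, so other entries were not checked.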
|
||||||
|
|
|
@ -13,7 +13,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'core'}
|
'supported_by': 'core'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: mount
|
module: mount
|
||||||
short_description: Control active and configured mount points
|
short_description: Control active and configured mount points
|
||||||
|
@ -27,33 +27,41 @@ options:
|
||||||
path:
|
path:
|
||||||
description:
|
description:
|
||||||
- Path to the mount point (e.g. C(/mnt/files)).
|
- Path to the mount point (e.g. C(/mnt/files)).
|
||||||
- Before 2.3 this option was only usable as I(dest), I(destfile) and
|
- Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
|
||||||
I(name).
|
type: path
|
||||||
required: true
|
required: true
|
||||||
aliases: [ name ]
|
aliases: [ name ]
|
||||||
src:
|
src:
|
||||||
description:
|
description:
|
||||||
- Device to be mounted on I(path). Required when I(state) set to
|
- Device to be mounted on I(path).
|
||||||
C(present) or C(mounted).
|
- Required when I(state) set to C(present) or C(mounted).
|
||||||
|
type: path
|
||||||
fstype:
|
fstype:
|
||||||
description:
|
description:
|
||||||
- Filesystem type. Required when I(state) is C(present) or C(mounted).
|
- Filesystem type.
|
||||||
|
- Required when I(state) is C(present) or C(mounted).
|
||||||
|
type: str
|
||||||
opts:
|
opts:
|
||||||
description:
|
description:
|
||||||
- Mount options (see fstab(5), or vfstab(4) on Solaris).
|
- Mount options (see fstab(5), or vfstab(4) on Solaris).
|
||||||
|
type: str
|
||||||
dump:
|
dump:
|
||||||
description:
|
description:
|
||||||
- Dump (see fstab(5)). Note that if set to C(null) and I(state) set to
|
- Dump (see fstab(5)).
|
||||||
C(present), it will cease to work and duplicate entries will be made
|
- Note that if set to C(null) and I(state) set to C(present),
|
||||||
|
it will cease to work and duplicate entries will be made
|
||||||
with subsequent runs.
|
with subsequent runs.
|
||||||
- Has no effect on Solaris systems.
|
- Has no effect on Solaris systems.
|
||||||
|
type: str
|
||||||
default: 0
|
default: 0
|
||||||
passno:
|
passno:
|
||||||
description:
|
description:
|
||||||
- Passno (see fstab(5)). Note that if set to C(null) and I(state) set to
|
- Passno (see fstab(5)).
|
||||||
C(present), it will cease to work and duplicate entries will be made
|
- Note that if set to C(null) and I(state) set to C(present),
|
||||||
|
it will cease to work and duplicate entries will be made
|
||||||
with subsequent runs.
|
with subsequent runs.
|
||||||
- Deprecated on Solaris systems.
|
- Deprecated on Solaris systems.
|
||||||
|
type: str
|
||||||
default: 0
|
default: 0
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
|
@ -66,38 +74,38 @@ options:
|
||||||
- C(absent) specifies that the device mount's entry will be removed from
|
- C(absent) specifies that the device mount's entry will be removed from
|
||||||
I(fstab) and will also unmount the device and remove the mount
|
I(fstab) and will also unmount the device and remove the mount
|
||||||
point.
|
point.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
choices: [ absent, mounted, present, unmounted ]
|
choices: [ absent, mounted, present, unmounted ]
|
||||||
fstab:
|
fstab:
|
||||||
description:
|
description:
|
||||||
- File to use instead of C(/etc/fstab). You shouldn't use this option
|
- File to use instead of C(/etc/fstab).
|
||||||
unless you really know what you are doing. This might be useful if
|
- You should npt use this option unless you really know what you are doing.
|
||||||
you need to configure mountpoints in a chroot environment. OpenBSD
|
- This might be useful if you need to configure mountpoints in a chroot environment.
|
||||||
does not allow specifying alternate fstab files with mount so do not
|
- OpenBSD does not allow specifying alternate fstab files with mount so do not
|
||||||
use this on OpenBSD with any state that operates on the live
|
use this on OpenBSD with any state that operates on the live filesystem.
|
||||||
filesystem.
|
- This parameter defaults to /etc/fstab or /etc/vfstab on Solaris.
|
||||||
default: /etc/fstab (/etc/vfstab on Solaris)
|
type: str
|
||||||
boot:
|
boot:
|
||||||
description:
|
description:
|
||||||
- Determines if the filesystem should be mounted on boot.
|
- Determines if the filesystem should be mounted on boot.
|
||||||
- Only applies to Solaris systems.
|
- Only applies to Solaris systems.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'yes'
|
default: yes
|
||||||
version_added: '2.2'
|
version_added: '2.2'
|
||||||
backup:
|
backup:
|
||||||
description:
|
description:
|
||||||
- Create a backup file including the timestamp information so you can get
|
- Create a backup file including the timestamp information so you can get
|
||||||
the original file back if you somehow clobbered it incorrectly.
|
the original file back if you somehow clobbered it incorrectly.
|
||||||
required: false
|
|
||||||
type: bool
|
type: bool
|
||||||
default: "no"
|
default: no
|
||||||
version_added: '2.5'
|
version_added: '2.5'
|
||||||
notes:
|
notes:
|
||||||
- As of Ansible 2.3, the I(name) option has been changed to I(path) as
|
- As of Ansible 2.3, the I(name) option has been changed to I(path) as
|
||||||
default, but I(name) still works as well.
|
default, but I(name) still works as well.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
# Before 2.3, option 'name' was used instead of 'path'
|
# Before 2.3, option 'name' was used instead of 'path'
|
||||||
- name: Mount DVD read-only
|
- name: Mount DVD read-only
|
||||||
mount:
|
mount:
|
||||||
|
@ -583,7 +591,7 @@ def main():
|
||||||
opts=dict(type='str'),
|
opts=dict(type='str'),
|
||||||
passno=dict(type='str'),
|
passno=dict(type='str'),
|
||||||
src=dict(type='path'),
|
src=dict(type='path'),
|
||||||
backup=dict(default=False, type='bool'),
|
backup=dict(type='bool', default=False),
|
||||||
state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted']),
|
state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted']),
|
||||||
),
|
),
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
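Review bot: The rewritten `fstab` description in DOCUMENTATION introduces a typo, `You should npt use this option unless you really know what you are doing.`, in the one sentence that warns operators off pointing the module at an alternate file. It should read `- You should not use this option unless you really know what you are doing.`. In the same docs `passno` keeps `default: 0`, while the `passno=dict(type='str')` entry visible in the `main()` hunk declares no default, so docs and argument spec presumably still disagree unless the default is applied in code outside the hunk. `main()` starts and ends outside the hunk shown here.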
|
||||||
|
|
|
@ -1,23 +1,23 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2013, Serge van Ginderachter <serge@vanginderachter.be>
|
# Copyright: (c) 2013, Serge van Ginderachter <serge@vanginderachter.be>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
|
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: open_iscsi
|
module: open_iscsi
|
||||||
author: "Serge van Ginderachter (@srvg)"
|
author:
|
||||||
|
- Serge van Ginderachter (@srvg)
|
||||||
version_added: "1.4"
|
version_added: "1.4"
|
||||||
short_description: Manage iscsi targets with open-iscsi
|
short_description: Manage iSCSI targets with Open-iSCSI
|
||||||
description:
|
description:
|
||||||
- Discover targets on given portal, (dis)connect targets, mark targets to
|
- Discover targets on given portal, (dis)connect targets, mark targets to
|
||||||
manually or auto start, return device nodes of connected targets.
|
manually or auto start, return device nodes of connected targets.
|
||||||
|
@ -25,85 +25,80 @@ requirements:
|
||||||
- open_iscsi library and tools (iscsiadm)
|
- open_iscsi library and tools (iscsiadm)
|
||||||
options:
|
options:
|
||||||
portal:
|
portal:
|
||||||
required: false
|
|
||||||
aliases: [ip]
|
|
||||||
description:
|
description:
|
||||||
- the ip address of the iscsi target
|
- The IP address of the iSCSI target.
|
||||||
|
type: str
|
||||||
|
aliases: [ ip ]
|
||||||
port:
|
port:
|
||||||
required: false
|
description:
|
||||||
|
- The port on which the iSCSI target process listens.
|
||||||
|
type: str
|
||||||
default: 3260
|
default: 3260
|
||||||
description:
|
|
||||||
- the port on which the iscsi target process listens
|
|
||||||
target:
|
target:
|
||||||
required: false
|
|
||||||
aliases: [name, targetname]
|
|
||||||
description:
|
description:
|
||||||
- the iscsi target name
|
- The iSCSI target name.
|
||||||
|
type: str
|
||||||
|
aliases: [ name, targetname ]
|
||||||
login:
|
login:
|
||||||
required: false
|
|
||||||
type: bool
|
|
||||||
description:
|
description:
|
||||||
- whether the target node should be connected
|
- Whether the target node should be connected.
|
||||||
|
type: bool
|
||||||
|
aliases: [ state ]
|
||||||
node_auth:
|
node_auth:
|
||||||
required: false
|
description:
|
||||||
|
- The value for C(discovery.sendtargets.auth.authmethod).
|
||||||
|
type: str
|
||||||
default: CHAP
|
default: CHAP
|
||||||
description:
|
|
||||||
- discovery.sendtargets.auth.authmethod
|
|
||||||
node_user:
|
node_user:
|
||||||
required: false
|
|
||||||
description:
|
description:
|
||||||
- discovery.sendtargets.auth.username
|
- The value for C(discovery.sendtargets.auth.username).
|
||||||
|
type: str
|
||||||
node_pass:
|
node_pass:
|
||||||
required: false
|
|
||||||
description:
|
description:
|
||||||
- discovery.sendtargets.auth.password
|
- The value for C(discovery.sendtargets.auth.password).
|
||||||
|
type: str
|
||||||
auto_node_startup:
|
auto_node_startup:
|
||||||
aliases: [automatic]
|
|
||||||
required: false
|
|
||||||
type: bool
|
|
||||||
description:
|
description:
|
||||||
- whether the target node should be automatically connected at startup
|
- Whether the target node should be automatically connected at startup.
|
||||||
|
type: bool
|
||||||
|
aliases: [ automatic ]
|
||||||
discover:
|
discover:
|
||||||
required: false
|
|
||||||
type: bool
|
|
||||||
description:
|
description:
|
||||||
- whether the list of target nodes on the portal should be
|
- Whether the list of target nodes on the portal should be
|
||||||
(re)discovered and added to the persistent iscsi database.
|
(re)discovered and added to the persistent iSCSI database.
|
||||||
Keep in mind that iscsiadm discovery resets configurtion, like node.startup
|
- Keep in mind that C(iscsiadm) discovery resets configuration, like C(node.startup)
|
||||||
to manual, hence combined with auto_node_startup=yes will always return
|
to manual, hence combined with C(auto_node_startup=yes) will always return
|
||||||
a changed state.
|
a changed state.
|
||||||
show_nodes:
|
|
||||||
required: false
|
|
||||||
type: bool
|
type: bool
|
||||||
|
show_nodes:
|
||||||
description:
|
description:
|
||||||
- whether the list of nodes in the persistent iscsi database should be
|
- Whether the list of nodes in the persistent iSCSI database should be returned by the module.
|
||||||
returned by the module
|
type: bool
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
# perform a discovery on 10.1.2.3 and show available target nodes
|
- name: Perform a discovery on 10.1.2.3 and show available target nodes
|
||||||
- open_iscsi:
|
open_iscsi:
|
||||||
show_nodes: yes
|
show_nodes: yes
|
||||||
discover: yes
|
discover: yes
|
||||||
portal: 10.1.2.3
|
portal: 10.1.2.3
|
||||||
|
|
||||||
# discover targets on portal and login to the one available
|
# NOTE: Only works if exactly one target is exported to the initiator
|
||||||
# (only works if exactly one target is exported to the initiator)
|
- name: Discover targets on portal and login to the one available
|
||||||
- open_iscsi:
|
open_iscsi:
|
||||||
portal: '{{ iscsi_target }}'
|
portal: '{{ iscsi_target }}'
|
||||||
login: yes
|
login: yes
|
||||||
discover: yes
|
discover: yes
|
||||||
|
|
||||||
# description: connect to the named target, after updating the local
|
- name: Connect to the named target, after updating the local persistent database (cache)
|
||||||
# persistent database (cache)
|
open_iscsi:
|
||||||
- open_iscsi:
|
|
||||||
login: yes
|
login: yes
|
||||||
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
|
target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
|
||||||
|
|
||||||
# description: discconnect from the cached named target
|
- name: Discconnect from the cached named target
|
||||||
- open_iscsi:
|
open_iscsi:
|
||||||
login: no
|
login: no
|
||||||
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
|
target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
|
||||||
'''
|
'''
|
||||||
|
|
||||||
import glob
|
import glob
|
||||||
|
@ -256,23 +251,23 @@ def main():
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
|
|
||||||
# target
|
# target
|
||||||
portal=dict(required=False, aliases=['ip']),
|
portal=dict(type='str', aliases=['ip']),
|
||||||
port=dict(required=False, default=3260),
|
port=dict(type='str', default=3260),
|
||||||
target=dict(required=False, aliases=['name', 'targetname']),
|
target=dict(type='str', aliases=['name', 'targetname']),
|
||||||
node_auth=dict(required=False, default='CHAP'),
|
node_auth=dict(type='str', default='CHAP'),
|
||||||
node_user=dict(required=False),
|
node_user=dict(type='str'),
|
||||||
node_pass=dict(required=False, no_log=True),
|
node_pass=dict(type='str', no_log=True),
|
||||||
|
|
||||||
# actions
|
# actions
|
||||||
login=dict(type='bool', aliases=['state']),
|
login=dict(type='bool', aliases=['state']),
|
||||||
auto_node_startup=dict(type='bool', aliases=['automatic']),
|
auto_node_startup=dict(type='bool', aliases=['automatic']),
|
||||||
discover=dict(type='bool', default=False),
|
discover=dict(type='bool', default=False),
|
||||||
show_nodes=dict(type='bool', default=False)
|
show_nodes=dict(type='bool', default=False),
|
||||||
),
|
),
|
||||||
|
|
||||||
required_together=[['discover_user', 'discover_pass'],
|
required_together=[['discover_user', 'discover_pass'],
|
||||||
['node_user', 'node_pass']],
|
['node_user', 'node_pass']],
|
||||||
supports_check_mode=True
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
global iscsiadm_cmd
|
global iscsiadm_cmd
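Review bot: `required_together` in `main()` still lists `['discover_user', 'discover_pass']`, but neither option is declared in the `argument_spec` shown in this hunk, so that pair can never be supplied and the constraint is dead. Either drop it, leaving `required_together=[['node_user', 'node_pass']],`, or declare both options, with `no_log=True` on `discover_pass` as is already done for `node_pass`. Separately, `port=dict(type='str', default=3260)` pairs a string type with an integer default; `default='3260'` would keep the spec self-consistent. `main()` begins before and continues after this hunk.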
|
||||||
|
|
|
@ -1,65 +1,77 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2014, GeekChimp - Franck Nijhof <franck@geekchimp.com>
|
# Copyright: (c) 2014, GeekChimp - Franck Nijhof <franck@geekchimp.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
|
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['stableinterface'],
|
'status': ['stableinterface'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: osx_defaults
|
module: osx_defaults
|
||||||
author: Franck Nijhof (@frenck)
|
author:
|
||||||
short_description: osx_defaults allows users to read, write, and delete macOS user defaults from Ansible
|
- Franck Nijhof (@frenck)
|
||||||
|
short_description: Manage macOS user defaults
|
||||||
description:
|
description:
|
||||||
- osx_defaults allows users to read, write, and delete macOS user defaults from Ansible scripts.
|
- osx_defaults allows users to read, write, and delete macOS user defaults from Ansible scripts.
|
||||||
macOS applications and other programs use the defaults system to record user preferences and other
|
- macOS applications and other programs use the defaults system to record user preferences and other
|
||||||
information that must be maintained when the applications aren't running (such as default font for new
|
information that must be maintained when the applications are not running (such as default font for new
|
||||||
documents, or the position of an Info panel).
|
documents, or the position of an Info panel).
|
||||||
version_added: "2.0"
|
version_added: "2.0"
|
||||||
options:
|
options:
|
||||||
domain:
|
domain:
|
||||||
description:
|
description:
|
||||||
- The domain is a domain name of the form com.companyname.appname.
|
- The domain is a domain name of the form C(com.companyname.appname).
|
||||||
|
type: str
|
||||||
default: NSGlobalDomain
|
default: NSGlobalDomain
|
||||||
host:
|
host:
|
||||||
description:
|
description:
|
||||||
- The host on which the preference should apply. The special value "currentHost" corresponds to the
|
- The host on which the preference should apply.
|
||||||
"-currentHost" switch of the defaults commandline tool.
|
- The special value C(currentHost) corresponds to the C(-currentHost) switch of the defaults commandline tool.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
key:
|
key:
|
||||||
description:
|
description:
|
||||||
- The key of the user preference
|
- The key of the user preference.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
type:
|
type:
|
||||||
description:
|
description:
|
||||||
- The type of value to write.
|
- The type of value to write.
|
||||||
|
type: str
|
||||||
|
choices: [ array, bool, boolean, date, float, int, integer, string ]
|
||||||
default: string
|
default: string
|
||||||
choices: [ "array", "bool", "boolean", "date", "float", "int", "integer", "string" ]
|
|
||||||
array_add:
|
array_add:
|
||||||
description:
|
description:
|
||||||
- Add new elements to the array for a key which has an array as its value.
|
- Add new elements to the array for a key which has an array as its value.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: no
|
||||||
value:
|
value:
|
||||||
description:
|
description:
|
||||||
- The value to write. Only required when state = present.
|
- The value to write.
|
||||||
|
- Only required when C(state=present).
|
||||||
|
type: raw
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- The state of the user defaults
|
- The state of the user defaults.
|
||||||
|
type: str
|
||||||
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
choices: [ "present", "absent" ]
|
path:
|
||||||
|
description:
|
||||||
|
- The path in which to search for C(osx_defaults).
|
||||||
|
type: str
|
||||||
|
default: /usr/bin:/usr/local/bin
|
||||||
notes:
|
notes:
|
||||||
- Apple Mac caches defaults. You may need to logout and login to apply the changes.
|
- Apple Mac caches defaults. You may need to logout and login to apply the changes.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- osx_defaults:
|
- osx_defaults:
|
||||||
domain: com.apple.Safari
|
domain: com.apple.Safari
|
||||||
key: IncludeInternalDebugMenu
|
key: IncludeInternalDebugMenu
|
||||||
|
@ -345,52 +357,14 @@ class OSXDefaults(object):
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
domain=dict(
|
domain=dict(type='str', default='NSGlobalDomain'),
|
||||||
default="NSGlobalDomain",
|
host=dict(type='str'),
|
||||||
required=False,
|
key=dict(type='str'),
|
||||||
),
|
type=dict(type='str', default='string', choices=['array', 'bool', 'boolean', 'date', 'float', 'int', 'integer', 'string']),
|
||||||
host=dict(
|
array_add=dict(type='bool', default=False),
|
||||||
default=None,
|
value=dict(type='raw'),
|
||||||
required=False,
|
state=dict(type='str', default='present', choices=['absent', 'present']),
|
||||||
),
|
path=dict(type='str', default='/usr/bin:/usr/local/bin'),
|
||||||
key=dict(
|
|
||||||
default=None,
|
|
||||||
),
|
|
||||||
type=dict(
|
|
||||||
default="string",
|
|
||||||
required=False,
|
|
||||||
choices=[
|
|
||||||
"array",
|
|
||||||
"bool",
|
|
||||||
"boolean",
|
|
||||||
"date",
|
|
||||||
"float",
|
|
||||||
"int",
|
|
||||||
"integer",
|
|
||||||
"string",
|
|
||||||
],
|
|
||||||
),
|
|
||||||
array_add=dict(
|
|
||||||
default=False,
|
|
||||||
required=False,
|
|
||||||
type='bool',
|
|
||||||
),
|
|
||||||
value=dict(
|
|
||||||
default=None,
|
|
||||||
required=False,
|
|
||||||
type='raw'
|
|
||||||
),
|
|
||||||
state=dict(
|
|
||||||
default="present",
|
|
||||||
required=False,
|
|
||||||
choices=[
|
|
||||||
"absent", "present"
|
|
||||||
],
|
|
||||||
),
|
|
||||||
path=dict(
|
|
||||||
default="/usr/bin:/usr/local/bin",
|
|
||||||
required=False,
|
|
||||||
)
|
|
||||||
),
|
),
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
)
|
)
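Review bot: `key` is documented as `required: true`, yet the rewritten spec line `key=dict(type='str'),` does not enforce it, so a task without `key` passes argument validation and is only caught, if at all, by code outside this hunk. If the requirement is real, make the spec match with `key=dict(type='str', required=True),`; otherwise the `required: true` line in DOCUMENTATION should go. The new `path` description says it is where to search for C(osx_defaults), which looks like it should name the `defaults` executable, not the module; this should be confirmed against the class body, which is not part of this hunk. `main()` continues past the end of the hunk.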
|
||||||
|
|
|
@ -36,6 +36,7 @@ options:
|
||||||
- The C(type), C(control) and C(module_path) all must match a rule to be modified.
|
- The C(type), C(control) and C(module_path) all must match a rule to be modified.
|
||||||
type: str
|
type: str
|
||||||
required: true
|
required: true
|
||||||
|
choices: [ account, -account, auth, -auth, password, -password, session, -session ]
|
||||||
control:
|
control:
|
||||||
description:
|
description:
|
||||||
- The control of the PAM rule being modified.
|
- The control of the PAM rule being modified.
|
||||||
|
@ -54,6 +55,7 @@ options:
|
||||||
description:
|
description:
|
||||||
- The new type to assign to the new rule.
|
- The new type to assign to the new rule.
|
||||||
type: str
|
type: str
|
||||||
|
choices: [ account, -account, auth, -auth, password, -password, session, -session ]
|
||||||
new_control:
|
new_control:
|
||||||
description:
|
description:
|
||||||
- The new control to assign to the new rule.
|
- The new control to assign to the new rule.
|
||||||
|
@ -87,9 +89,9 @@ options:
|
||||||
default: updated
|
default: updated
|
||||||
path:
|
path:
|
||||||
description:
|
description:
|
||||||
- This is the path to the PAM service files
|
- This is the path to the PAM service files.
|
||||||
type: path
|
type: path
|
||||||
default: /etc/pam.d/
|
default: /etc/pam.d
|
||||||
backup:
|
backup:
|
||||||
description:
|
description:
|
||||||
- Create a backup file including the timestamp information so you can
|
- Create a backup file including the timestamp information so you can
|
||||||
|
@ -224,7 +226,7 @@ EXAMPLES = r'''
|
||||||
|
|
||||||
RETURN = r'''
|
RETURN = r'''
|
||||||
change_count:
|
change_count:
|
||||||
description: How many rules were changed
|
description: How many rules were changed.
|
||||||
type: int
|
type: int
|
||||||
sample: 1
|
sample: 1
|
||||||
returned: success
|
returned: success
|
||||||
|
@ -791,9 +793,9 @@ def main():
|
||||||
("state", "before", ["new_module_path"]),
|
("state", "before", ["new_module_path"]),
|
||||||
("state", "after", ["new_control"]),
|
("state", "after", ["new_control"]),
|
||||||
("state", "after", ["new_type"]),
|
("state", "after", ["new_type"]),
|
||||||
("state", "after", ["new_module_path"])
|
("state", "after", ["new_module_path"]),
|
||||||
|
|
||||||
]
|
],
|
||||||
)
|
)
|
||||||
content = str()
|
content = str()
|
||||||
fname = os.path.join(module.params["path"], module.params["name"])
|
fname = os.path.join(module.params["path"], module.params["name"])
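Review bot: `fname = os.path.join(module.params["path"], module.params["name"])` builds the file to edit from `name` without checking that it is a bare service file name, so a value containing a path separator, or an absolute path, resolves outside the directory given by `path` (now defaulting to `/etc/pam.d`). Since this module rewrites authentication configuration, a guard before the join such as `if os.path.basename(module.params["name"]) != module.params["name"]: module.fail_json(msg="name must be a file name, not a path")` would keep templated input inside the intended directory. The `choices` lists added to the docs for `type` and `new_type` cannot be checked against the argument spec, which lies outside the hunks shown. `main()` starts before and continues after this hunk.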
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright: (c) 2015, Hewlett-Packard Development Company, L.P.
|
# Copyright: (c) 2015, Hewlett-Packard Development Company, L.P.
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['stableinterface'],
|
'status': ['stableinterface'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: puppet
|
module: puppet
|
||||||
short_description: Runs puppet
|
short_description: Runs puppet
|
||||||
|
@ -21,65 +22,80 @@ options:
|
||||||
timeout:
|
timeout:
|
||||||
description:
|
description:
|
||||||
- How long to wait for I(puppet) to finish.
|
- How long to wait for I(puppet) to finish.
|
||||||
|
type: str
|
||||||
default: 30m
|
default: 30m
|
||||||
puppetmaster:
|
puppetmaster:
|
||||||
description:
|
description:
|
||||||
- The hostname of the puppetmaster to contact.
|
- The hostname of the puppetmaster to contact.
|
||||||
|
type: str
|
||||||
modulepath:
|
modulepath:
|
||||||
description:
|
description:
|
||||||
- Path to an alternate location for puppet modules.
|
- Path to an alternate location for puppet modules.
|
||||||
|
type: str
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
manifest:
|
manifest:
|
||||||
description:
|
description:
|
||||||
- Path to the manifest file to run puppet apply on.
|
- Path to the manifest file to run puppet apply on.
|
||||||
|
type: str
|
||||||
noop:
|
noop:
|
||||||
description:
|
description:
|
||||||
- Override puppet.conf noop mode.
|
- Override puppet.conf noop mode.
|
||||||
- Undefined, use default or puppet.conf value if defined.
|
- When C(yes), run Puppet agent with C(--noop) switch set.
|
||||||
- true, Run Puppet agent with C(--noop) switch set.
|
- When C(no), run Puppet agent with C(--no-noop) switch set.
|
||||||
- false, Run Puppet agent with C(--no-noop) switch set.
|
- When unset (default), use default or puppet.conf value if defined.
|
||||||
|
type: bool
|
||||||
version_added: "2.8"
|
version_added: "2.8"
|
||||||
facts:
|
facts:
|
||||||
description:
|
description:
|
||||||
- A dict of values to pass in as persistent external facter facts.
|
- A dict of values to pass in as persistent external facter facts.
|
||||||
|
type: dict
|
||||||
facter_basename:
|
facter_basename:
|
||||||
description:
|
description:
|
||||||
- Basename of the facter output file.
|
- Basename of the facter output file.
|
||||||
|
type: str
|
||||||
default: ansible
|
default: ansible
|
||||||
environment:
|
environment:
|
||||||
description:
|
description:
|
||||||
- Puppet environment to be used.
|
- Puppet environment to be used.
|
||||||
|
type: str
|
||||||
logdest:
|
logdest:
|
||||||
description: |
|
description:
|
||||||
Where the puppet logs should go, if puppet apply is being used. C(all)
|
- Where the puppet logs should go, if puppet apply is being used.
|
||||||
will go to both C(stdout) and C(syslog).
|
- C(all) will go to both C(stdout) and C(syslog).
|
||||||
choices: [ stdout, syslog, all ]
|
type: str
|
||||||
|
choices: [ all, stdout, syslog ]
|
||||||
default: stdout
|
default: stdout
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
certname:
|
certname:
|
||||||
description:
|
description:
|
||||||
- The name to use when handling certificates.
|
- The name to use when handling certificates.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
tags:
|
tags:
|
||||||
description:
|
description:
|
||||||
- A comma-separated list of puppet tags to be used.
|
- A list of puppet tags to be used.
|
||||||
|
type: list
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
execute:
|
execute:
|
||||||
description:
|
description:
|
||||||
- Execute a specific piece of Puppet code.
|
- Execute a specific piece of Puppet code.
|
||||||
- It has no effect with a puppetmaster.
|
- It has no effect with a puppetmaster.
|
||||||
|
type: str
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
summarize:
|
summarize:
|
||||||
description:
|
description:
|
||||||
- Whether to print a transaction summary
|
- Whether to print a transaction summary.
|
||||||
|
type: bool
|
||||||
version_added: "2.7"
|
version_added: "2.7"
|
||||||
verbose:
|
verbose:
|
||||||
description:
|
description:
|
||||||
- Print extra information
|
- Print extra information.
|
||||||
|
type: bool
|
||||||
version_added: "2.7"
|
version_added: "2.7"
|
||||||
debug:
|
debug:
|
||||||
description:
|
description:
|
||||||
- Enable full debugging
|
- Enable full debugging.
|
||||||
|
type: bool
|
||||||
version_added: "2.7"
|
version_added: "2.7"
|
||||||
requirements:
|
requirements:
|
||||||
- puppet
|
- puppet
|
||||||
|
@ -87,7 +103,7 @@ author:
|
||||||
- Monty Taylor (@emonty)
|
- Monty Taylor (@emonty)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Run puppet agent and fail if anything goes wrong
|
- name: Run puppet agent and fail if anything goes wrong
|
||||||
puppet:
|
puppet:
|
||||||
|
|
||||||
|
@ -109,11 +125,13 @@ EXAMPLES = '''
|
||||||
|
|
||||||
- name: Run puppet using a specific tags
|
- name: Run puppet using a specific tags
|
||||||
puppet:
|
puppet:
|
||||||
tags: update,nginx
|
tags:
|
||||||
|
- update
|
||||||
|
- nginx
|
||||||
|
|
||||||
- name: Run puppet agent in noop mode
|
- name: Run puppet agent in noop mode
|
||||||
puppet:
|
puppet:
|
||||||
noop: true
|
noop: yes
|
||||||
|
|
||||||
- name: Run a manifest with debug, log to both syslog and stdout, specify module path
|
- name: Run a manifest with debug, log to both syslog and stdout, specify module path
|
||||||
puppet:
|
puppet:
|
||||||
|
@ -160,9 +178,9 @@ def main():
|
||||||
modulepath=dict(type='str'),
|
modulepath=dict(type='str'),
|
||||||
manifest=dict(type='str'),
|
manifest=dict(type='str'),
|
||||||
noop=dict(required=False, type='bool'),
|
noop=dict(required=False, type='bool'),
|
||||||
logdest=dict(type='str', default='stdout', choices=['stdout',
|
logdest=dict(type='str', default='stdout', choices=['all',
|
||||||
'syslog',
|
'stdout',
|
||||||
'all']),
|
'syslog']),
|
||||||
# internal code to work with --diff, do not use
|
# internal code to work with --diff, do not use
|
||||||
show_diff=dict(type='bool', default=False, aliases=['show-diff']),
|
show_diff=dict(type='bool', default=False, aliases=['show-diff']),
|
||||||
facts=dict(type='dict'),
|
facts=dict(type='dict'),
|
||||||
|
@ -179,7 +197,7 @@ def main():
|
||||||
mutually_exclusive=[
|
mutually_exclusive=[
|
||||||
('puppetmaster', 'manifest'),
|
('puppetmaster', 'manifest'),
|
||||||
('puppetmaster', 'manifest', 'execute'),
|
('puppetmaster', 'manifest', 'execute'),
|
||||||
('puppetmaster', 'modulepath')
|
('puppetmaster', 'modulepath'),
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
p = module.params
|
p = module.params
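Review bot: Two leftovers in `main()` are at odds with the normalisation this commit applies elsewhere: `noop=dict(required=False, type='bool')` keeps the redundant `required=False`, and the first `mutually_exclusive` entry `('puppetmaster', 'manifest')` is already implied by `('puppetmaster', 'manifest', 'execute')`. I would write `noop=dict(type='bool'),` and drop the two-element tuple. The docs now declare `tags` as `type: list` and the example passes a YAML list; the `tags` entry of the argument spec is not in the visible hunks, so confirm it is declared with `type='list'`. `main()` starts and ends outside the hunks shown.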
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
|
||||||
# Copyright: (c) 2015, Brian Coca <bcoca@ansible.com>
|
# Copyright: (c) 2015, Brian Coca <bcoca@ansible.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
|
@ -13,19 +13,20 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
|
|
||||||
# This is a modification of @bcoca's `svc` module
|
# This is a modification of @bcoca's `svc` module
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: runit
|
module: runit
|
||||||
author:
|
author:
|
||||||
- James Sumners (@jsumners)
|
- James Sumners (@jsumners)
|
||||||
version_added: "2.3"
|
version_added: "2.3"
|
||||||
short_description: Manage runit services
|
short_description: Manage runit services
|
||||||
description:
|
description:
|
||||||
- Controls runit services on remote hosts using the sv utility.
|
- Controls runit services on remote hosts using the sv utility.
|
||||||
options:
|
options:
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Name of the service to manage.
|
- Name of the service to manage.
|
||||||
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
|
@ -35,6 +36,7 @@ options:
|
||||||
C(reloaded) will send a HUP (sv reload).
|
C(reloaded) will send a HUP (sv reload).
|
||||||
C(once) will run a normally downed sv once (sv once), not really
|
C(once) will run a normally downed sv once (sv once), not really
|
||||||
an idempotent operation.
|
an idempotent operation.
|
||||||
|
type: str
|
||||||
choices: [ killed, once, reloaded, restarted, started, stopped ]
|
choices: [ killed, once, reloaded, restarted, started, stopped ]
|
||||||
enabled:
|
enabled:
|
||||||
description:
|
description:
|
||||||
|
@ -43,14 +45,16 @@ options:
|
||||||
service_dir:
|
service_dir:
|
||||||
description:
|
description:
|
||||||
- directory runsv watches for services
|
- directory runsv watches for services
|
||||||
|
type: str
|
||||||
default: /var/service
|
default: /var/service
|
||||||
service_src:
|
service_src:
|
||||||
description:
|
description:
|
||||||
- directory where services are defined, the source of symlinks to service_dir.
|
- directory where services are defined, the source of symlinks to service_dir.
|
||||||
|
type: str
|
||||||
default: /etc/sv
|
default: /etc/sv
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Start sv dnscache, if not running
|
- name: Start sv dnscache, if not running
|
||||||
runit:
|
runit:
|
||||||
name: dnscache
|
name: dnscache
|
||||||
|
@ -85,7 +89,6 @@ EXAMPLES = '''
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
import traceback
|
|
||||||
|
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
from ansible.module_utils._text import to_native
|
from ansible.module_utils._text import to_native
|
||||||
|
@ -226,7 +229,7 @@ class Sv(object):
|
||||||
try:
|
try:
|
||||||
(rc, out, err) = self.module.run_command(' '.join(cmd))
|
(rc, out, err) = self.module.run_command(' '.join(cmd))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.module.fail_json(msg="failed to execute: %s" % to_native(e), exception=traceback.format_exc())
|
self.module.fail_json(msg="failed to execute: %s" % to_native(e))
|
||||||
return (rc, out, err)
|
return (rc, out, err)
|
||||||
|
|
||||||
def report(self):
|
def report(self):
|
||||||
|
@ -268,7 +271,7 @@ def main():
|
||||||
else:
|
else:
|
||||||
sv.disable()
|
sv.disable()
|
||||||
except (OSError, IOError) as e:
|
except (OSError, IOError) as e:
|
||||||
module.fail_json(msg="Could not change service link: %s" % to_native(e), exception=traceback.format_exc())
|
module.fail_json(msg="Could not change service link: %s" % to_native(e))
|
||||||
|
|
||||||
if state is not None and state != sv.state:
|
if state is not None and state != sv.state:
|
||||||
changed = True
|
changed = True
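Review bot: The `Sv` method touched by the `-226,7 +229,7` hunk still flattens its argument list with `' '.join(cmd)` before calling `run_command`, so a service name or directory containing whitespace or quote characters is re-split into different arguments than the caller assembled. `run_command` also accepts a list, so `(rc, out, err) = self.module.run_command(cmd)` keeps every element as a single argument. The method starts outside the hunk, so how `cmd` is built should be confirmed before changing the call.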
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright: (c) 2016, Dag Wieers (@dagwieers) <dag@wieers.com>
|
# Copyright: (c) 2016, Dag Wieers (@dagwieers) <dag@wieers.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
@ -38,10 +39,12 @@ options:
|
||||||
- C(p) for named pipes,
|
- C(p) for named pipes,
|
||||||
- C(s) for socket files.
|
- C(s) for socket files.
|
||||||
type: str
|
type: str
|
||||||
|
choices: [ a, b, c, d, f, l, p, s ]
|
||||||
default: a
|
default: a
|
||||||
setype:
|
setype:
|
||||||
description:
|
description:
|
||||||
- SELinux type for the specified target.
|
- SELinux type for the specified target.
|
||||||
|
type: str
|
||||||
required: yes
|
required: yes
|
||||||
seuser:
|
seuser:
|
||||||
description:
|
description:
|
||||||
|
@ -63,12 +66,12 @@ options:
|
||||||
- Reload SELinux policy after commit.
|
- Reload SELinux policy after commit.
|
||||||
- Note that this does not apply SELinux file contexts to existing files.
|
- Note that this does not apply SELinux file contexts to existing files.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'yes'
|
default: yes
|
||||||
ignore_selinux_state:
|
ignore_selinux_state:
|
||||||
description:
|
description:
|
||||||
- Useful for scenarios (chrooted environment) that you can't get the real SELinux state.
|
- Useful for scenarios (chrooted environment) that you can't get the real SELinux state.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: no
|
||||||
version_added: '2.8'
|
version_added: '2.8'
|
||||||
notes:
|
notes:
|
||||||
- The changes are persistent across reboots.
|
- The changes are persistent across reboots.
|
||||||
|
@ -125,7 +128,7 @@ except ImportError:
|
||||||
|
|
||||||
# Add missing entries (backward compatible)
|
# Add missing entries (backward compatible)
|
||||||
if HAVE_SEOBJECT:
|
if HAVE_SEOBJECT:
|
||||||
seobject.file_types.update(dict(
|
seobject.file_types.update(
|
||||||
a=seobject.SEMANAGE_FCONTEXT_ALL,
|
a=seobject.SEMANAGE_FCONTEXT_ALL,
|
||||||
b=seobject.SEMANAGE_FCONTEXT_BLOCK,
|
b=seobject.SEMANAGE_FCONTEXT_BLOCK,
|
||||||
c=seobject.SEMANAGE_FCONTEXT_CHAR,
|
c=seobject.SEMANAGE_FCONTEXT_CHAR,
|
||||||
|
@ -134,7 +137,7 @@ if HAVE_SEOBJECT:
|
||||||
l=seobject.SEMANAGE_FCONTEXT_LINK,
|
l=seobject.SEMANAGE_FCONTEXT_LINK,
|
||||||
p=seobject.SEMANAGE_FCONTEXT_PIPE,
|
p=seobject.SEMANAGE_FCONTEXT_PIPE,
|
||||||
s=seobject.SEMANAGE_FCONTEXT_SOCK,
|
s=seobject.SEMANAGE_FCONTEXT_SOCK,
|
||||||
))
|
)
|
||||||
|
|
||||||
# Make backward compatible
|
# Make backward compatible
|
||||||
option_to_file_type_str = dict(
|
option_to_file_type_str = dict(
|
||||||
|
@ -252,7 +255,7 @@ def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
ignore_selinux_state=dict(type='bool', default=False),
|
ignore_selinux_state=dict(type='bool', default=False),
|
||||||
target=dict(required=True, aliases=['path']),
|
target=dict(type='str', required=True, aliases=['path']),
|
||||||
ftype=dict(type='str', default='a', choices=option_to_file_type_str.keys()),
|
ftype=dict(type='str', default='a', choices=option_to_file_type_str.keys()),
|
||||||
setype=dict(type='str', required=True),
|
setype=dict(type='str', required=True),
|
||||||
seuser=dict(type='str'),
|
seuser=dict(type='str'),
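Review bot: The documentation now hard-codes `choices: [ a, b, c, d, f, l, p, s ]` for `ftype`, while the argument spec in `main()` still derives them from `option_to_file_type_str.keys()`, so the two can drift apart when a file type is added or removed. On Python 3 `.keys()` is a view rather than a list; `choices=sorted(option_to_file_type_str)` gives the spec a plain, stable list that can be compared with the documented one. Both `main()` and the `option_to_file_type_str` definition continue outside the hunks shown.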
|
||||||
|
|
|
@ -1,86 +1,85 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2012, Derek Carter<goozbach@friocorte.com>
|
# Copyright: (c) 2012, Derek Carter<goozbach@friocorte.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
|
|
||||||
ANSIBLE_METADATA = {
|
ANSIBLE_METADATA = {
|
||||||
'metadata_version': '1.1',
|
'metadata_version': '1.1',
|
||||||
'status': ['stableinterface'],
|
'status': ['stableinterface'],
|
||||||
'supported_by': 'core'
|
'supported_by': 'core'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DOCUMENTATION = r'''
|
||||||
DOCUMENTATION = '''
|
|
||||||
---
|
---
|
||||||
module: selinux
|
module: selinux
|
||||||
short_description: Change policy and state of SELinux
|
short_description: Change policy and state of SELinux
|
||||||
description:
|
description:
|
||||||
- Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
|
- Configures the SELinux mode and policy.
|
||||||
|
- A reboot may be required after usage.
|
||||||
|
- Ansible will not issue this reboot but will let you know when it is required.
|
||||||
version_added: "0.7"
|
version_added: "0.7"
|
||||||
options:
|
options:
|
||||||
policy:
|
policy:
|
||||||
description:
|
description:
|
||||||
- "name of the SELinux policy to use (example: C(targeted)) will be required if state is not C(disabled)"
|
- The name of the SELinux policy to use (e.g. C(targeted)) will be required if state is not C(disabled).
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- The SELinux mode
|
- The SELinux mode.
|
||||||
required: true
|
required: true
|
||||||
choices: [ "enforcing", "permissive", "disabled" ]
|
choices: [ disabled, enforcing, permissive ]
|
||||||
conf:
|
configfile:
|
||||||
description:
|
description:
|
||||||
- path to the SELinux configuration file, if non-standard
|
- The path to the SELinux configuration file, if non-standard.
|
||||||
default: "/etc/selinux/config"
|
default: /etc/selinux/config
|
||||||
aliases: ['configfile', 'file']
|
aliases: [ conf, file ]
|
||||||
notes:
|
|
||||||
- Not tested on any debian based system
|
|
||||||
requirements: [ libselinux-python ]
|
requirements: [ libselinux-python ]
|
||||||
author: "Derek Carter (@goozbach) <goozbach@friocorte.com>"
|
author:
|
||||||
|
- Derek Carter (@goozbach) <goozbach@friocorte.com>
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
# Enable SELinux
|
- name: Enable SELinux
|
||||||
- selinux:
|
selinux:
|
||||||
policy: targeted
|
policy: targeted
|
||||||
state: enforcing
|
state: enforcing
|
||||||
|
|
||||||
# Put SELinux in permissive mode, logging actions that would be blocked.
|
- name: Put SELinux in permissive mode, logging actions that would be blocked.
|
||||||
- selinux:
|
selinux:
|
||||||
policy: targeted
|
policy: targeted
|
||||||
state: permissive
|
state: permissive
|
||||||
|
|
||||||
# Disable SELinux
|
- name: Disable SELinux
|
||||||
- selinux:
|
selinux:
|
||||||
state: disabled
|
state: disabled
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = r'''
|
||||||
msg:
|
msg:
|
||||||
description: Messages that describe changes that were made
|
description: Messages that describe changes that were made.
|
||||||
returned: always
|
returned: always
|
||||||
type: str
|
type: str
|
||||||
sample: Config SELinux state changed from 'disabled' to 'permissive'
|
sample: Config SELinux state changed from 'disabled' to 'permissive'
|
||||||
configfile:
|
configfile:
|
||||||
description: Path to SELinux configuration file
|
description: Path to SELinux configuration file.
|
||||||
returned: always
|
returned: always
|
||||||
type: str
|
type: str
|
||||||
sample: /etc/selinux/config
|
sample: /etc/selinux/config
|
||||||
policy:
|
policy:
|
||||||
description: Name of the SELinux policy
|
description: Name of the SELinux policy.
|
||||||
returned: always
|
returned: always
|
||||||
type: str
|
type: str
|
||||||
sample: targeted
|
sample: targeted
|
||||||
state:
|
state:
|
||||||
description: SELinux mode
|
description: SELinux mode.
|
||||||
returned: always
|
returned: always
|
||||||
type: str
|
type: str
|
||||||
sample: enforcing
|
sample: enforcing
|
||||||
reboot_required:
|
reboot_required:
|
||||||
description: Whether or not an reboot is required for the changes to take effect
|
description: Whether or not an reboot is required for the changes to take effect.
|
||||||
returned: always
|
returned: always
|
||||||
type: bool
|
type: bool
|
||||||
sample: true
|
sample: true
|
||||||
|
@ -171,11 +170,11 @@ def set_config_policy(module, policy, configfile):
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
policy=dict(required=False),
|
policy=dict(type='str'),
|
||||||
state=dict(choices=['enforcing', 'permissive', 'disabled'], required=True),
|
state=dict(type='str', required='True', choices=['enforcing', 'permissive', 'disabled']),
|
||||||
configfile=dict(aliases=['conf', 'file'], default='/etc/selinux/config')
|
configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
|
||||||
),
|
),
|
||||||
supports_check_mode=True
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
if not HAS_SELINUX:
|
if not HAS_SELINUX:
|
||||||
|
@ -210,7 +209,7 @@ def main():
|
||||||
# check to see if policy is set if state is not 'disabled'
|
# check to see if policy is set if state is not 'disabled'
|
||||||
if state != 'disabled':
|
if state != 'disabled':
|
||||||
if not policy:
|
if not policy:
|
||||||
module.fail_json(msg='Policy is required if state is not \'disabled\'')
|
module.fail_json(msg="Policy is required if state is not 'disabled'")
|
||||||
else:
|
else:
|
||||||
if not policy:
|
if not policy:
|
||||||
policy = config_policy
|
policy = config_policy
|
||||||
|
@ -220,14 +219,14 @@ def main():
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
# cannot change runtime policy
|
# cannot change runtime policy
|
||||||
msgs.append('Running SELinux policy changed from \'%s\' to \'%s\'' % (runtime_policy, policy))
|
msgs.append("Running SELinux policy changed from '%s' to '%s'" % (runtime_policy, policy))
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
if policy != config_policy:
|
if policy != config_policy:
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=True)
|
module.exit_json(changed=True)
|
||||||
set_config_policy(module, policy, configfile)
|
set_config_policy(module, policy, configfile)
|
||||||
msgs.append('SELinux policy configuration in \'%s\' changed from \'%s\' to \'%s\'' % (configfile, config_policy, policy))
|
msgs.append("SELinux policy configuration in '%s' changed from '%s' to '%s'" % (configfile, config_policy, policy))
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
if state != runtime_state:
|
if state != runtime_state:
|
||||||
|
@ -237,7 +236,7 @@ def main():
|
||||||
# Temporarily set state to permissive
|
# Temporarily set state to permissive
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
set_state(module, 'permissive')
|
set_state(module, 'permissive')
|
||||||
module.warn('SELinux state temporarily changed from \'%s\' to \'permissive\'. State change will take effect next reboot.' % (runtime_state))
|
module.warn("SELinux state temporarily changed from '%s' to 'permissive'. State change will take effect next reboot." % (runtime_state))
|
||||||
changed = True
|
changed = True
|
||||||
else:
|
else:
|
||||||
module.warn('SELinux state change will take effect next reboot')
|
module.warn('SELinux state change will take effect next reboot')
|
||||||
|
@ -245,19 +244,19 @@ def main():
|
||||||
else:
|
else:
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
set_state(module, state)
|
set_state(module, state)
|
||||||
msgs.append('SELinux state changed from \'%s\' to \'%s\'' % (runtime_state, state))
|
msgs.append("SELinux state changed from '%s' to '%s'" % (runtime_state, state))
|
||||||
|
|
||||||
# Only report changes if the file is changed.
|
# Only report changes if the file is changed.
|
||||||
# This prevents the task from reporting changes every time the task is run.
|
# This prevents the task from reporting changes every time the task is run.
|
||||||
changed = True
|
changed = True
|
||||||
else:
|
else:
|
||||||
module.warn("Reboot is required to set SELinux state to %s" % state)
|
module.warn("Reboot is required to set SELinux state to '%s'" % state)
|
||||||
reboot_required = True
|
reboot_required = True
|
||||||
|
|
||||||
if state != config_state:
|
if state != config_state:
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
set_config_state(module, state, configfile)
|
set_config_state(module, state, configfile)
|
||||||
msgs.append('Config SELinux state changed from \'%s\' to \'%s\'' % (config_state, state))
|
msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)
|
module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)
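Review bot: The new `state` entry in the `main()` argument spec passes `required='True'`, a string rather than a boolean. It is truthy, so the option is still enforced, but a spec-versus-documentation check sees a `str` where the documentation says `required: true`, and the same pattern with `'False'` would silently make an option required. The line should read `state=dict(type='str', required=True, choices=['enforcing', 'permissive', 'disabled']),`. The documentation hunk also drops the note that the module is untested on Debian-based systems, which is a content change rather than a formatting fix.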
|
||||||
|
|
|
@ -1,20 +1,18 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2015, Michael Scherer <misc@zarb.org>
|
# Copyright: (c) 2015, Michael Scherer <misc@zarb.org>
|
||||||
# inspired by code of github.com/dandiker/
|
# inspired by code of github.com/dandiker/
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
|
|
||||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
|
DOCUMENTATION = r'''
|
||||||
DOCUMENTATION = '''
|
|
||||||
---
|
---
|
||||||
module: selinux_permissive
|
module: selinux_permissive
|
||||||
short_description: Change permissive domain in SELinux policy
|
short_description: Change permissive domain in SELinux policy
|
||||||
|
@ -25,29 +23,34 @@ options:
|
||||||
domain:
|
domain:
|
||||||
description:
|
description:
|
||||||
- The domain that will be added or removed from the list of permissive domains.
|
- The domain that will be added or removed from the list of permissive domains.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
|
default: ''
|
||||||
|
aliases: [ name ]
|
||||||
permissive:
|
permissive:
|
||||||
description:
|
description:
|
||||||
- Indicate if the domain should or should not be set as permissive.
|
- Indicate if the domain should or should not be set as permissive.
|
||||||
required: true
|
|
||||||
type: bool
|
type: bool
|
||||||
|
required: true
|
||||||
no_reload:
|
no_reload:
|
||||||
description:
|
description:
|
||||||
- Disable reloading of the SELinux policy after making change to a domain's permissive setting.
|
- Disable reloading of the SELinux policy after making change to a domain's permissive setting.
|
||||||
- The default is C(no), which causes policy to be reloaded when a domain changes state.
|
- The default is C(no), which causes policy to be reloaded when a domain changes state.
|
||||||
- Reloading the policy does not work on older versions of the C(policycoreutils-python) library, for example in EL 6."
|
- Reloading the policy does not work on older versions of the C(policycoreutils-python) library, for example in EL 6."
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: no
|
||||||
store:
|
store:
|
||||||
description:
|
description:
|
||||||
- "Name of the SELinux policy store to use."
|
- Name of the SELinux policy store to use.
|
||||||
|
type: str
|
||||||
notes:
|
notes:
|
||||||
- Requires a recent version of SELinux and C(policycoreutils-python) (EL 6 or newer).
|
- Requires a recent version of SELinux and C(policycoreutils-python) (EL 6 or newer).
|
||||||
requirements: [ policycoreutils-python ]
|
requirements: [ policycoreutils-python ]
|
||||||
author: Michael Scherer (@mscherer) <misc@zarb.org>
|
author:
|
||||||
|
- Michael Scherer (@mscherer) <misc@zarb.org>
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Change the httpd_t domain to permissive
|
- name: Change the httpd_t domain to permissive
|
||||||
selinux_permissive:
|
selinux_permissive:
|
||||||
name: httpd_t
|
name: httpd_t
|
||||||
|
@ -71,12 +74,12 @@ from ansible.module_utils._text import to_native
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
domain=dict(aliases=['name'], required=True),
|
domain=dict(type='str', required=True, aliases=['name']),
|
||||||
store=dict(required=False, default=''),
|
store=dict(type='str', default=''),
|
||||||
permissive=dict(type='bool', required=True),
|
permissive=dict(type='bool', required=True),
|
||||||
no_reload=dict(type='bool', required=False, default=False),
|
no_reload=dict(type='bool', default=False),
|
||||||
),
|
),
|
||||||
supports_check_mode=True
|
supports_check_mode=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
# global vars
|
# global vars
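Review bot: The documentation for `domain` now carries both `required: true` and `default: ''`, which contradict each other and do not match the spec `domain=dict(type='str', required=True, aliases=['name'])`. The empty-string default belongs to `store`, whose spec is `store=dict(type='str', default='')` but whose documentation gains only `type: str`. Moving `default: ''` from `domain` to `store` makes both entries agree with the code. The last `no_reload` description line in the same hunk also still ends with a stray double quote after `EL 6.`.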
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# Copyright: (c) 2014, Dan Keder <dan.keder@gmail.com>
|
# Copyright: (c) 2014, Dan Keder <dan.keder@gmail.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: seport
|
module: seport
|
||||||
short_description: Manages SELinux network port type definitions
|
short_description: Manages SELinux network port type definitions
|
||||||
|
@ -20,33 +21,37 @@ version_added: "2.0"
|
||||||
options:
|
options:
|
||||||
ports:
|
ports:
|
||||||
description:
|
description:
|
||||||
- Ports or port ranges. Can be a list (since 2.6) or comma separated string.
|
- Ports or port ranges.
|
||||||
|
- Can be a list (since 2.6) or comma separated string.
|
||||||
|
type: list
|
||||||
required: true
|
required: true
|
||||||
proto:
|
proto:
|
||||||
description:
|
description:
|
||||||
- Protocol for the specified port.
|
- Protocol for the specified port.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
choices: [ tcp, udp ]
|
choices: [ tcp, udp ]
|
||||||
setype:
|
setype:
|
||||||
description:
|
description:
|
||||||
- SELinux type for the specified port.
|
- SELinux type for the specified port.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Desired boolean value.
|
- Desired boolean value.
|
||||||
required: true
|
type: str
|
||||||
choices: [ absent, present ]
|
choices: [ absent, present ]
|
||||||
default: present
|
default: present
|
||||||
reload:
|
reload:
|
||||||
description:
|
description:
|
||||||
- Reload SELinux policy after commit.
|
- Reload SELinux policy after commit.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'yes'
|
default: yes
|
||||||
ignore_selinux_state:
|
ignore_selinux_state:
|
||||||
description:
|
description:
|
||||||
- Run independent of selinux runtime state
|
- Run independent of selinux runtime state
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: no
|
||||||
version_added: '2.8'
|
version_added: '2.8'
|
||||||
notes:
|
notes:
|
||||||
- The changes are persistent across reboots.
|
- The changes are persistent across reboots.
|
||||||
|
@ -58,7 +63,7 @@ author:
|
||||||
- Dan Keder (@dankeder)
|
- Dan Keder (@dankeder)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Allow Apache to listen on tcp port 8888
|
- name: Allow Apache to listen on tcp port 8888
|
||||||
seport:
|
seport:
|
||||||
ports: 8888
|
ports: 8888
|
||||||
|
@ -258,7 +263,7 @@ def main():
|
||||||
ports=dict(type='list', required=True),
|
ports=dict(type='list', required=True),
|
||||||
proto=dict(type='str', required=True, choices=['tcp', 'udp']),
|
proto=dict(type='str', required=True, choices=['tcp', 'udp']),
|
||||||
setype=dict(type='str', required=True),
|
setype=dict(type='str', required=True),
|
||||||
state=dict(type='str', required=True, choices=['absent', 'present']),
|
state=dict(type='str', default='present', choices=['absent', 'present']),
|
||||||
reload=dict(type='bool', default=True),
|
reload=dict(type='bool', default=True),
|
||||||
),
|
),
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
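Review bot: The `state` option is still described as `Desired boolean value.`, although it takes `absent` or `present` and this commit changes its spec from `required=True` to `default='present'`. A task that omits `state` used to fail and will now add a port type definition, so the documentation should say what the default does, for example `- Whether the port type definition should be C(present) or C(absent).`. The behaviour change is also worth a changelog entry, since it alters which ports a confined service may bind without any change to existing playbooks.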
|
||||||
|
|
|
@ -72,8 +72,8 @@ options:
|
||||||
aliases: [ args ]
|
aliases: [ args ]
|
||||||
use:
|
use:
|
||||||
description:
|
description:
|
||||||
- The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module.
|
- The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module.
|
||||||
- Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found.
|
- Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found.
|
||||||
type: str
|
type: str
|
||||||
default: auto
|
default: auto
|
||||||
version_added: 2.2
|
version_added: 2.2
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
# (c) 2015, Paul Markham <pmarkham@netrefinery.com>
|
# Copyright: (c) 2015, Paul Markham <pmarkham@netrefinery.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
|
@ -10,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: solaris_zone
|
module: solaris_zone
|
||||||
short_description: Manage Solaris zones
|
short_description: Manage Solaris zones
|
||||||
description:
|
description:
|
||||||
- Create, start, stop and delete Solaris zones. This module doesn't currently allow
|
- Create, start, stop and delete Solaris zones.
|
||||||
changing of options for a zone that's already been created.
|
- This module does not currently allow changing of options for a zone that is already been created.
|
||||||
version_added: "2.0"
|
version_added: "2.0"
|
||||||
author:
|
author:
|
||||||
- Paul Markham (@pmarkham)
|
- Paul Markham (@pmarkham)
|
||||||
|
@ -35,50 +36,59 @@ options:
|
||||||
- C(configured), configure the ready so that it's to be attached.
|
- C(configured), configure the ready so that it's to be attached.
|
||||||
- C(attached), attach a zone, but do not boot it.
|
- C(attached), attach a zone, but do not boot it.
|
||||||
- C(detached), shutdown and detach a zone
|
- C(detached), shutdown and detach a zone
|
||||||
|
type: str
|
||||||
choices: [ absent, attached, configured, detached, installed, present, running, started, stopped ]
|
choices: [ absent, attached, configured, detached, installed, present, running, started, stopped ]
|
||||||
default: present
|
default: present
|
||||||
required: true
|
required: true
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Zone name.
|
- Zone name.
|
||||||
|
type: str
|
||||||
required: true
|
required: true
|
||||||
path:
|
path:
|
||||||
description:
|
description:
|
||||||
- The path where the zone will be created. This is required when the zone is created, but not
|
- The path where the zone will be created. This is required when the zone is created, but not
|
||||||
used otherwise.
|
used otherwise.
|
||||||
|
type: str
|
||||||
sparse:
|
sparse:
|
||||||
description:
|
description:
|
||||||
- Whether to create a sparse (C(true)) or whole root (C(false)) zone.
|
- Whether to create a sparse (C(true)) or whole root (C(false)) zone.
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: no
|
||||||
root_password:
|
root_password:
|
||||||
description:
|
description:
|
||||||
- The password hash for the root account. If not specified, the zone's root account
|
- The password hash for the root account. If not specified, the zone's root account
|
||||||
will not have a password.
|
will not have a password.
|
||||||
|
type: str
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- 'The zonecfg configuration commands for this zone. See zonecfg(1M) for the valid options
|
- 'The zonecfg configuration commands for this zone. See zonecfg(1M) for the valid options
|
||||||
and syntax. Typically this is a list of options separated by semi-colons or new lines, e.g.
|
and syntax. Typically this is a list of options separated by semi-colons or new lines, e.g.
|
||||||
"set auto-boot=true;add net;set physical=bge0;set address=10.1.1.1;end"'
|
"set auto-boot=true;add net;set physical=bge0;set address=10.1.1.1;end"'
|
||||||
default: empty string
|
type: str
|
||||||
|
default: ''
|
||||||
create_options:
|
create_options:
|
||||||
description:
|
description:
|
||||||
- 'Extra options to the zonecfg(1M) create command.'
|
- 'Extra options to the zonecfg(1M) create command.'
|
||||||
default: empty string
|
type: str
|
||||||
|
default: ''
|
||||||
install_options:
|
install_options:
|
||||||
description:
|
description:
|
||||||
- 'Extra options to the zoneadm(1M) install command. To automate Solaris 11 zone creation,
|
- 'Extra options to the zoneadm(1M) install command. To automate Solaris 11 zone creation,
|
||||||
use this to specify the profile XML file, e.g. install_options="-c sc_profile.xml"'
|
use this to specify the profile XML file, e.g. install_options="-c sc_profile.xml"'
|
||||||
default: empty string
|
type: str
|
||||||
|
default: ''
|
||||||
attach_options:
|
attach_options:
|
||||||
description:
|
description:
|
||||||
- 'Extra options to the zoneadm attach command. For example, this can be used to specify
|
- 'Extra options to the zoneadm attach command. For example, this can be used to specify
|
||||||
whether a minimum or full update of packages is required and if any packages need to
|
whether a minimum or full update of packages is required and if any packages need to
|
||||||
be deleted. For valid values, see zoneadm(1M)'
|
be deleted. For valid values, see zoneadm(1M)'
|
||||||
default: empty string
|
type: str
|
||||||
|
default: ''
|
||||||
timeout:
|
timeout:
|
||||||
description:
|
description:
|
||||||
- Timeout, in seconds, for zone to boot.
|
- Timeout, in seconds, for zone to boot.
|
||||||
|
type: int
|
||||||
default: 600
|
default: 600
|
||||||
'''
|
'''
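Review bot: The `state` option is documented with both `default: present` and `required: true`; the commit adds `type: str` to it but leaves the contradiction, and one of the two has to be removed to match the argument spec, which is outside the hunks shown. The rewritten description line reads `that is already been created`, where the original `that's` stood for `that has`. It should be `- This module does not currently allow changing of options for a zone that has already been created.`.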
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
'supported_by': 'community'}
|
'supported_by': 'community'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
---
|
---
|
||||||
module: ufw
|
module: ufw
|
||||||
short_description: Manage firewall with UFW
|
short_description: Manage firewall with UFW
|
||||||
|
@ -36,20 +36,24 @@ options:
|
||||||
- C(disabled) unloads firewall and disables firewall on boot.
|
- C(disabled) unloads firewall and disables firewall on boot.
|
||||||
- C(reloaded) reloads firewall.
|
- C(reloaded) reloads firewall.
|
||||||
- C(reset) disables and resets firewall to installation defaults.
|
- C(reset) disables and resets firewall to installation defaults.
|
||||||
|
type: str
|
||||||
choices: [ disabled, enabled, reloaded, reset ]
|
choices: [ disabled, enabled, reloaded, reset ]
|
||||||
policy:
|
default:
|
||||||
description:
|
description:
|
||||||
- Change the default policy for incoming or outgoing traffic.
|
- Change the default policy for incoming or outgoing traffic.
|
||||||
aliases: [ default ]
|
type: str
|
||||||
choices: [ allow, deny, reject ]
|
choices: [ allow, deny, reject ]
|
||||||
|
aliases: [ policy ]
|
||||||
direction:
|
direction:
|
||||||
description:
|
description:
|
||||||
- Select direction for a rule or default policy command.
|
- Select direction for a rule or default policy command.
|
||||||
|
type: str
|
||||||
choices: [ in, incoming, out, outgoing, routed ]
|
choices: [ in, incoming, out, outgoing, routed ]
|
||||||
logging:
|
logging:
|
||||||
description:
|
description:
|
||||||
- Toggles logging. Logged packets use the LOG_KERN syslog facility.
|
- Toggles logging. Logged packets use the LOG_KERN syslog facility.
|
||||||
choices: [ on, off, low, medium, high, full ]
|
type: str
|
||||||
|
choices: [ 'on', 'off', low, medium, high, full ]
|
||||||
insert:
|
insert:
|
||||||
description:
|
description:
|
||||||
- Insert the corresponding rule as rule number NUM.
|
- Insert the corresponding rule as rule number NUM.
|
||||||
|
@ -72,18 +76,15 @@ options:
|
||||||
- C(last-ipv6) interprets the rule number relative to the index of the
|
- C(last-ipv6) interprets the rule number relative to the index of the
|
||||||
last IPv6 rule, or relative to the position where the last IPv6 rule
|
last IPv6 rule, or relative to the position where the last IPv6 rule
|
||||||
would be if there is currently none.
|
would be if there is currently none.
|
||||||
choices:
|
type: str
|
||||||
- zero
|
choices: [ first-ipv4, first-ipv6, last-ipv4, last-ipv6, zero ]
|
||||||
- first-ipv4
|
|
||||||
- last-ipv4
|
|
||||||
- first-ipv6
|
|
||||||
- last-ipv6
|
|
||||||
default: zero
|
default: zero
|
||||||
version_added: "2.8"
|
version_added: "2.8"
|
||||||
rule:
|
rule:
|
||||||
description:
|
description:
|
||||||
- Add firewall rule
|
- Add firewall rule
|
||||||
choices: ['allow', 'deny', 'limit', 'reject']
|
type: str
|
||||||
|
choices: [ allow, deny, limit, reject ]
|
||||||
log:
|
log:
|
||||||
description:
|
description:
|
||||||
- Log new connections matched to this rule
|
- Log new connections matched to this rule
|
||||||
|
@ -91,27 +92,34 @@ options:
|
||||||
from_ip:
|
from_ip:
|
||||||
description:
|
description:
|
||||||
- Source IP address.
|
- Source IP address.
|
||||||
aliases: [ from, src ]
|
type: str
|
||||||
default: any
|
default: any
|
||||||
|
aliases: [ from, src ]
|
||||||
from_port:
|
from_port:
|
||||||
description:
|
description:
|
||||||
- Source port.
|
- Source port.
|
||||||
|
type: str
|
||||||
to_ip:
|
to_ip:
|
||||||
description:
|
description:
|
||||||
- Destination IP address.
|
- Destination IP address.
|
||||||
aliases: [ dest, to]
|
type: str
|
||||||
default: any
|
default: any
|
||||||
|
aliases: [ dest, to]
|
||||||
to_port:
|
to_port:
|
||||||
description:
|
description:
|
||||||
- Destination port.
|
- Destination port.
|
||||||
|
type: str
|
||||||
aliases: [ port ]
|
aliases: [ port ]
|
||||||
proto:
|
proto:
|
||||||
description:
|
description:
|
||||||
- TCP/IP protocol.
|
- TCP/IP protocol.
|
||||||
|
type: str
|
||||||
choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ]
|
choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ]
|
||||||
|
aliases: [ protocol ]
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Use profile located in C(/etc/ufw/applications.d).
|
- Use profile located in C(/etc/ufw/applications.d).
|
||||||
|
type: str
|
||||||
aliases: [ app ]
|
aliases: [ app ]
|
||||||
delete:
|
delete:
|
||||||
description:
|
description:
|
||||||
|
@ -120,6 +128,7 @@ options:
|
||||||
interface:
|
interface:
|
||||||
description:
|
description:
|
||||||
- Specify interface for rule.
|
- Specify interface for rule.
|
||||||
|
type: str
|
||||||
aliases: [ if ]
|
aliases: [ if ]
|
||||||
route:
|
route:
|
||||||
description:
|
description:
|
||||||
|
@ -128,10 +137,11 @@ options:
|
||||||
comment:
|
comment:
|
||||||
description:
|
description:
|
||||||
- Add a comment to the rule. Requires UFW version >=0.35.
|
- Add a comment to the rule. Requires UFW version >=0.35.
|
||||||
|
type: str
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Allow everything and enable UFW
|
- name: Allow everything and enable UFW
|
||||||
ufw:
|
ufw:
|
||||||
state: enabled
|
state: enabled
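Review bot: The `default` option (renamed from `policy` in the `-36,20 +36,24` hunk) still does not say which traffic direction it changes when `direction` is left unset, and with `allow` among its choices that is what a reader needs to know before applying it to a firewall. The description only says "incoming or outgoing traffic", and `direction` is documented separately with no default. I would add a second description line such as `- Set I(direction) explicitly so it is clear which traffic the new default policy applies to.` Separately, `aliases: [ dest, to]` under `to_ip` lacks the space before the closing bracket that the other lists in this section have.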
|
||||||
|
|
|
@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||||
'status': ['stableinterface'],
|
'status': ['stableinterface'],
|
||||||
'supported_by': 'core'}
|
'supported_by': 'core'}
|
||||||
|
|
||||||
DOCUMENTATION = '''
|
DOCUMENTATION = r'''
|
||||||
module: user
|
module: user
|
||||||
version_added: "0.2"
|
version_added: "0.2"
|
||||||
short_description: Manage user accounts
|
short_description: Manage user accounts
|
||||||
|
@ -38,7 +38,6 @@ options:
|
||||||
- macOS only, optionally hide the user from the login window and system preferences.
|
- macOS only, optionally hide the user from the login window and system preferences.
|
||||||
- The default will be C(yes) if the I(system) option is used.
|
- The default will be C(yes) if the I(system) option is used.
|
||||||
type: bool
|
type: bool
|
||||||
required: false
|
|
||||||
version_added: "2.6"
|
version_added: "2.6"
|
||||||
non_unique:
|
non_unique:
|
||||||
description:
|
description:
|
||||||
|
@ -163,8 +162,8 @@ options:
|
||||||
description:
|
description:
|
||||||
- Optionally specify the SSH key filename.
|
- Optionally specify the SSH key filename.
|
||||||
- If this is a relative filename then it will be relative to the user's home directory.
|
- If this is a relative filename then it will be relative to the user's home directory.
|
||||||
|
- This parameter defaults to I(.ssh/id_rsa).
|
||||||
type: path
|
type: path
|
||||||
default: .ssh/id_rsa
|
|
||||||
version_added: "0.9"
|
version_added: "0.9"
|
||||||
ssh_key_comment:
|
ssh_key_comment:
|
||||||
description:
|
description:
|
||||||
|
@ -259,7 +258,7 @@ author:
|
||||||
- Stephen Fromm (@sfromm)
|
- Stephen Fromm (@sfromm)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = r'''
|
||||||
- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
|
- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
|
||||||
user:
|
user:
|
||||||
name: johnd
|
name: johnd
|
||||||
|
@ -300,7 +299,7 @@ EXAMPLES = '''
|
||||||
expires: -1
|
expires: -1
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = r'''
|
||||||
append:
|
append:
|
||||||
description: Whether or not to append the user to groups
|
description: Whether or not to append the user to groups
|
||||||
returned: When state is 'present' and the user exists
|
returned: When state is 'present' and the user exists
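Review bot: The line added to `ssh_key_file`, `- This parameter defaults to I(.ssh/id_rsa).`, marks a file path with `I()`, which this docstring otherwise uses for option names (`I(system)`), while values are written with `C()` (`C(yes)`). It should read `- This parameter defaults to C(.ssh/id_rsa).` so the rendered documentation does not present the path as another option. Because the same hunk drops the `default: .ssh/id_rsa` key, this sentence is now the only place the default key path is stated, so it is worth getting the markup right.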
|
||||||
|
|
|
@ -1,15 +1,11 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
#
|
# Copyright: (c) 2018, Red Hat, Inc.
|
||||||
# Copyright (c) 2018 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
#
|
|
||||||
|
|
||||||
from __future__ import absolute_import, division, print_function
|
from __future__ import absolute_import, division, print_function
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
|
|
||||||
ANSIBLE_METADATA = {
|
ANSIBLE_METADATA = {
|
||||||
'metadata_version': '1.1',
|
'metadata_version': '1.1',
|
||||||
'status': ['preview'],
|
'status': ['preview'],
|
||||||
|
@ -214,6 +210,7 @@ options:
|
||||||
is only available when creating a new volume, and cannot
|
is only available when creating a new volume, and cannot
|
||||||
be changed for an existing volume.
|
be changed for an existing volume.
|
||||||
type: str
|
type: str
|
||||||
|
choices: [ dense, sparse ]
|
||||||
ackthreads:
|
ackthreads:
|
||||||
description:
|
description:
|
||||||
- Specifies the number of threads to use for
|
- Specifies the number of threads to use for
|
||||||
|
|
|
@ -833,40 +833,15 @@ lib/ansible/modules/storage/zfs/zfs.py E322
|
||||||
lib/ansible/modules/storage/zfs/zfs.py E323
|
lib/ansible/modules/storage/zfs/zfs.py E323
|
||||||
lib/ansible/modules/storage/zfs/zfs_facts.py E323
|
lib/ansible/modules/storage/zfs/zfs_facts.py E323
|
||||||
lib/ansible/modules/storage/zfs/zpool_facts.py E323
|
lib/ansible/modules/storage/zfs/zpool_facts.py E323
|
||||||
lib/ansible/modules/system/aix_inittab.py E324
|
|
||||||
lib/ansible/modules/system/aix_inittab.py E326
|
|
||||||
lib/ansible/modules/system/capabilities.py E322
|
|
||||||
lib/ansible/modules/system/cron.py E324
|
|
||||||
lib/ansible/modules/system/cronvar.py E324
|
|
||||||
lib/ansible/modules/system/crypttab.py E324
|
|
||||||
lib/ansible/modules/system/debconf.py E326
|
|
||||||
lib/ansible/modules/system/firewalld.py E324
|
|
||||||
lib/ansible/modules/system/iptables.py E326
|
|
||||||
lib/ansible/modules/system/java_cert.py E324
|
|
||||||
lib/ansible/modules/system/known_hosts.py E324
|
lib/ansible/modules/system/known_hosts.py E324
|
||||||
lib/ansible/modules/system/make.py E317
|
|
||||||
lib/ansible/modules/system/mount.py E324
|
|
||||||
lib/ansible/modules/system/open_iscsi.py E322
|
|
||||||
lib/ansible/modules/system/osx_defaults.py E322
|
|
||||||
lib/ansible/modules/system/osx_defaults.py E324
|
|
||||||
lib/ansible/modules/system/pamd.py E324
|
|
||||||
lib/ansible/modules/system/pamd.py E326
|
|
||||||
lib/ansible/modules/system/puppet.py E322
|
lib/ansible/modules/system/puppet.py E322
|
||||||
lib/ansible/modules/system/runit.py E322
|
lib/ansible/modules/system/runit.py E322
|
||||||
lib/ansible/modules/system/runit.py E324
|
lib/ansible/modules/system/runit.py E324
|
||||||
lib/ansible/modules/system/sefcontext.py E326
|
|
||||||
lib/ansible/modules/system/selinux.py E324
|
|
||||||
lib/ansible/modules/system/selinux_permissive.py E322
|
|
||||||
lib/ansible/modules/system/seport.py E324
|
|
||||||
lib/ansible/modules/system/service.py E210
|
lib/ansible/modules/system/service.py E210
|
||||||
lib/ansible/modules/system/service.py E323
|
lib/ansible/modules/system/service.py E323
|
||||||
lib/ansible/modules/system/solaris_zone.py E324
|
|
||||||
lib/ansible/modules/system/ufw.py E322
|
|
||||||
lib/ansible/modules/system/ufw.py E326
|
|
||||||
lib/ansible/modules/system/user.py E210
|
lib/ansible/modules/system/user.py E210
|
||||||
lib/ansible/modules/system/user.py E324
|
lib/ansible/modules/system/user.py E324
|
||||||
lib/ansible/modules/system/user.py E327
|
lib/ansible/modules/system/user.py E327
|
||||||
lib/ansible/modules/system/vdo.py E326
|
|
||||||
lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py E326
|
lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py E326
|
||||||
lib/ansible/modules/web_infrastructure/ansible_tower/tower_group.py E324
|
lib/ansible/modules/web_infrastructure/ansible_tower/tower_group.py E324
|
||||||
lib/ansible/modules/web_infrastructure/ansible_tower/tower_job_launch.py E323
|
lib/ansible/modules/web_infrastructure/ansible_tower/tower_job_launch.py E323
|
||||||
|
|