mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

validate-modules: Fix all system modules (#52384)

This PR includes validate-modules fixes for all system modules.
Except a few that are deliberately implemented like this.
Dag Wieers 2019-02-19 15:42:14 +01:00 committed by GitHub
parent c9eb186a94
commit 8c74df5e67
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 568 additions and 495 deletions

View file

@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
author: author:
- Joris Weijters (@molekuul) - Joris Weijters (@molekuul)
@ -42,7 +42,7 @@ options:
- bootwait - bootwait
- hold - hold
- initdefault - initdefault
- off - 'off'
- once - once
- ondemand - ondemand
- powerfail - powerfail
@ -174,7 +174,7 @@ def main():
]), ]),
command=dict(type='str', required=True), command=dict(type='str', required=True),
insertafter=dict(type='str'), insertafter=dict(type='str'),
state=dict(type='str', required=True, choices=['absent', 'present']), state=dict(type='str', default='present', choices=['absent', 'present']),
), ),
supports_check_mode=True, supports_check_mode=True,
) )
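Review bot: In the argument_spec, `state` goes from `required=True` to `default='present'`, which changes module behaviour rather than only satisfying validate-modules: a task that omits `state` used to fail and will now create or modify an entry. The commit message describes the PR as validate-modules fixes, so call this out in the changelog and confirm that the `state` option in DOCUMENTATION carries `default: present` (the docs for that option are not part of this hunk).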

View file

@ -24,6 +24,7 @@ options:
- Specifies the path to the file to be managed. - Specifies the path to the file to be managed.
type: str type: str
required: yes required: yes
aliases: [ key ]
capability: capability:
description: description:
- Desired capability to set (with operator and flags, if state is C(present)) or remove (if state is C(absent)) - Desired capability to set (with operator and flags, if state is C(present)) or remove (if state is C(absent))

View file

@ -15,7 +15,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = """ DOCUMENTATION = r'''
--- ---
module: cron module: cron
short_description: Manage cron.d and crontab entries short_description: Manage cron.d and crontab entries
@ -27,67 +27,78 @@ description:
which is used by future ansible/module calls to find/check the state. The "name" which is used by future ansible/module calls to find/check the state. The "name"
parameter should be unique, and changing the "name" value will result in a new cron parameter should be unique, and changing the "name" value will result in a new cron
task being created (or a different one being removed).' task being created (or a different one being removed).'
- 'When environment variables are managed: no comment line is added, but, when the module - When environment variables are managed, no comment line is added, but, when the module
needs to find/check the state, it uses the "name" parameter to find the environment needs to find/check the state, it uses the "name" parameter to find the environment
variable definition line.' variable definition line.
- 'When using symbols such as %, they must be properly escaped.' - When using symbols such as %, they must be properly escaped.
version_added: "0.9" version_added: "0.9"
options: options:
name: name:
description: description:
- Description of a crontab entry or, if env is set, the name of environment variable. - Description of a crontab entry or, if env is set, the name of environment variable.
Required if state=absent. Note that if name is not set and state=present, then a - Required if C(state=absent).
- Note that if name is not set and C(state=present), then a
new crontab entry will always be created, regardless of existing ones. new crontab entry will always be created, regardless of existing ones.
This parameter will always be required in future releases. - This parameter will always be required in future releases.
type: str
user: user:
description: description:
- The specific user whose crontab should be modified. - The specific user whose crontab should be modified.
default: root - When unset, this parameter defaults to using C(root).
type: str
job: job:
description: description:
- The command to execute or, if env is set, the value of environment variable. - The command to execute or, if env is set, the value of environment variable.
The command should not contain line breaks. - The command should not contain line breaks.
Required if state=present. - Required if C(state=present).
type: str
aliases: [ value ] aliases: [ value ]
state: state:
description: description:
- Whether to ensure the job or environment variable is present or absent. - Whether to ensure the job or environment variable is present or absent.
type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
cron_file: cron_file:
description: description:
- If specified, uses this file instead of an individual user's crontab. - If specified, uses this file instead of an individual user's crontab.
If this is a relative path, it is interpreted with respect to - If this is a relative path, it is interpreted with respect to I(/etc/cron.d).
/etc/cron.d. (If it is absolute, it will typically be /etc/crontab). - If it is absolute, it will typically be I(/etc/crontab).
Many linux distros expect (and some require) the filename portion to consist solely - Many linux distros expect (and some require) the filename portion to consist solely
of upper- and lower-case letters, digits, underscores, and hyphens. of upper- and lower-case letters, digits, underscores, and hyphens.
To use the C(cron_file) parameter you must specify the C(user) as well. - To use the C(cron_file) parameter you must specify the C(user) as well.
type: str
backup: backup:
description: description:
- If set, create a backup of the crontab before it is modified. - If set, create a backup of the crontab before it is modified.
The location of the backup is returned in the C(backup_file) variable by this module. The location of the backup is returned in the C(backup_file) variable by this module.
type: bool type: bool
default: 'no' default: no
minute: minute:
description: description:
- Minute when the job should run ( 0-59, *, */2, etc ) - Minute when the job should run ( 0-59, *, */2, etc )
type: str
default: "*" default: "*"
hour: hour:
description: description:
- Hour when the job should run ( 0-23, *, */2, etc ) - Hour when the job should run ( 0-23, *, */2, etc )
type: str
default: "*" default: "*"
day: day:
description: description:
- Day of the month the job should run ( 1-31, *, */2, etc ) - Day of the month the job should run ( 1-31, *, */2, etc )
type: str
default: "*" default: "*"
aliases: [ dom ] aliases: [ dom ]
month: month:
description: description:
- Month of the year the job should run ( 1-12, *, */2, etc ) - Month of the year the job should run ( 1-12, *, */2, etc )
type: str
default: "*" default: "*"
weekday: weekday:
description: description:
- Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc ) - Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
type: str
default: "*" default: "*"
aliases: [ dow ] aliases: [ dow ]
reboot: reboot:
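Review bot: On the `user` option, the `default: root` key is dropped in favour of the sentence "When unset, this parameter defaults to using C(root).", so the option no longer carries a machine-readable default even though it decides whose crontab is written. Since omitting `user` means the job is scheduled in root's crontab, make that sentence the first description item, or word it so a reader skimming the option cannot miss it. As a style point, the `backup` description still keeps two sentences in one item while the rest of this hunk moves to one sentence per item.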
@ -95,10 +106,11 @@ options:
- If the job should be run at reboot. This option is deprecated. Users should use special_time. - If the job should be run at reboot. This option is deprecated. Users should use special_time.
version_added: "1.0" version_added: "1.0"
type: bool type: bool
default: "no" default: no
special_time: special_time:
description: description:
- Special time specification nickname. - Special time specification nickname.
type: str
choices: [ annually, daily, hourly, monthly, reboot, weekly, yearly ] choices: [ annually, daily, hourly, monthly, reboot, weekly, yearly ]
version_added: "1.3" version_added: "1.3"
disabled: disabled:
@ -106,24 +118,27 @@ options:
- If the job should be disabled (commented out) in the crontab. - If the job should be disabled (commented out) in the crontab.
- Only has effect if C(state=present). - Only has effect if C(state=present).
type: bool type: bool
default: 'no' default: no
version_added: "2.0" version_added: "2.0"
env: env:
description: description:
- If set, manages a crontab's environment variable. New variables are added on top of crontab. - If set, manages a crontab's environment variable.
"name" and "value" parameters are the name and the value of environment variable. - New variables are added on top of crontab.
- C(name) and C(value) parameters are the name and the value of environment variable.
type: bool type: bool
default: "no" default: no
version_added: "2.1" version_added: "2.1"
insertafter: insertafter:
description: description:
- Used with C(state=present) and C(env). If specified, the environment variable will be - Used with C(state=present) and C(env).
inserted after the declaration of specified environment variable. - If specified, the environment variable will be inserted after the declaration of specified environment variable.
type: str
version_added: "2.1" version_added: "2.1"
insertbefore: insertbefore:
description: description:
- Used with C(state=present) and C(env). If specified, the environment variable will be - Used with C(state=present) and C(env).
inserted before the declaration of specified environment variable. - If specified, the environment variable will be inserted before the declaration of specified environment variable.
type: str
version_added: "2.1" version_added: "2.1"
requirements: requirements:
- cron - cron
@ -133,9 +148,9 @@ author:
- Patrick Callahan (@dirtyharrycallahan) - Patrick Callahan (@dirtyharrycallahan)
- Evan Kaufman (@EvanK) - Evan Kaufman (@EvanK)
- Luca Berruti (@lberruti) - Luca Berruti (@lberruti)
""" '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null" - name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
cron: cron:
name: "check dirs" name: "check dirs"

View file

@ -20,58 +20,65 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = """ DOCUMENTATION = r'''
--- ---
module: cronvar module: cronvar
short_description: Manage variables in crontabs short_description: Manage variables in crontabs
description: description:
- Use this module to manage crontab variables. This module allows - Use this module to manage crontab variables.
you to create, update, or delete cron variable definitions. - This module allows you to create, update, or delete cron variable definitions.
version_added: "2.0" version_added: "2.0"
options: options:
name: name:
description: description:
- Name of the crontab variable. - Name of the crontab variable.
type: str
required: yes required: yes
value: value:
description: description:
- The value to set this variable to. - The value to set this variable to.
- Required if C(state=present). - Required if C(state=present).
type: str
insertafter: insertafter:
description: description:
- If specified, the variable will be inserted after the variable specified. - If specified, the variable will be inserted after the variable specified.
- Used with C(state=present). - Used with C(state=present).
type: str
insertbefore: insertbefore:
description: description:
- Used with C(state=present). If specified, the variable will be inserted - Used with C(state=present). If specified, the variable will be inserted
just before the variable specified. just before the variable specified.
type: str
state: state:
description: description:
- Whether to ensure that the variable is present or absent. - Whether to ensure that the variable is present or absent.
type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
user: user:
description: description:
- The specific user whose crontab should be modified. - The specific user whose crontab should be modified.
default: root - This parameter defaults to C(root) when unset.
type: str
cron_file: cron_file:
description: description:
- If specified, uses this file instead of an individual user's crontab. - If specified, uses this file instead of an individual user's crontab.
Without a leading /, this is assumed to be in /etc/cron.d. With a leading - Without a leading C(/), this is assumed to be in I(/etc/cron.d).
/, this is taken as absolute. - With a leading C(/), this is taken as absolute.
type: str
backup: backup:
description: description:
- If set, create a backup of the crontab before it is modified. - If set, create a backup of the crontab before it is modified.
The location of the backup is returned in the C(backup) variable by this module. The location of the backup is returned in the C(backup) variable by this module.
type: bool type: bool
default: 'no' default: no
requirements: requirements:
- cron - cron
author: author:
- Doug Luce (@dougluce) - Doug Luce (@dougluce)
""" '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists - name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists
cronvar: cronvar:
name: EMAIL name: EMAIL
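Review bot: `insertbefore` still reads "Used with C(state=present). If specified, the variable will be inserted just before the variable specified." as a single description item, while `insertafter` and the other options in this hunk use one sentence per item; split it for consistency. The `user` option also replaces `default: root` with "This parameter defaults to C(root) when unset.", which is worded differently from the same change in the cron module ("When unset, this parameter defaults to using C(root)."); pick one phrasing for both modules.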

View file

@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: crypttab module: crypttab
short_description: Encrypted Linux block devices short_description: Encrypted Linux block devices
@ -24,38 +24,44 @@ options:
- Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or
optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/) optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/)
will be stripped from I(name). will be stripped from I(name).
type: str
required: yes required: yes
state: state:
description: description:
- Use I(present) to add a line to C(/etc/crypttab) or update it's definition - Use I(present) to add a line to C(/etc/crypttab) or update its definition
if already present. Use I(absent) to remove a line with matching I(name). if already present.
Use I(opts_present) to add options to those already present; options with - Use I(absent) to remove a line with matching I(name).
different values will be updated. Use I(opts_absent) to remove options from - Use I(opts_present) to add options to those already present; options with
the existing set. different values will be updated.
- Use I(opts_absent) to remove options from the existing set.
type: str
required: yes required: yes
choices: [ absent, opts_absent, opts_present, present ] choices: [ absent, opts_absent, opts_present, present ]
backing_device: backing_device:
description: description:
- Path to the underlying block device or file, or the UUID of a block-device - Path to the underlying block device or file, or the UUID of a block-device
prefixed with I(UUID=). prefixed with I(UUID=).
type: str
password: password:
description: description:
- Encryption password, the path to a file containing the password, or - Encryption password, the path to a file containing the password, or
C(none) or C(-) if the password should be entered at boot. C(-) or unset if the password should be entered at boot.
default: 'none' type: path
opts: opts:
description: description:
- A comma-delimited list of options. See C(crypttab(5) ) for details. - A comma-delimited list of options. See C(crypttab(5) ) for details.
type: str
path: path:
description: description:
- Path to file to use instead of C(/etc/crypttab). This might be useful - Path to file to use instead of C(/etc/crypttab).
in a chroot environment. - This might be useful in a chroot environment.
type: path
default: /etc/crypttab default: /etc/crypttab
author: author:
- Steve (@groks) - Steve (@groks)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Set the options explicitly a device which must already exist - name: Set the options explicitly a device which must already exist
crypttab: crypttab:
name: luks-home name: luks-home
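Review bot: The `password` option is now documented as `type: path`, but its description still says it accepts a literal encryption password as well as a path to a key file. Ansible expands `~` and environment variables in values of type `path`, so a literal password that starts with `~` or contains `$` could be rewritten before it reaches the crypttab line. Either document that only a file path, `-` or unset is supported, or keep the type as `str`. The hunk also drops `default: 'none'` and the C(none) wording, so confirm in the argument_spec (not shown here) that an unset value still produces the same crypttab field as before, and check whether the option should be marked `no_log`.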

View file

@ -11,12 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'], 'status': ['stableinterface'],
'supported_by': 'core'} 'supported_by': 'core'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: debconf module: debconf
short_description: Configure a .deb package short_description: Configure a .deb package
description: description:
- Configure a .deb package using debconf-set-selections. Or just query existing selections. - Configure a .deb package using debconf-set-selections.
- Or just query existing selections.
version_added: "1.6" version_added: "1.6"
notes: notes:
- This module requires the command line debconf tools. - This module requires the command line debconf tools.
@ -24,37 +25,42 @@ notes:
Use 'debconf-show <package>' on any Debian or derivative with the package Use 'debconf-show <package>' on any Debian or derivative with the package
installed to see questions/settings available. installed to see questions/settings available.
- Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords. - Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords.
requirements: [ debconf, debconf-utils ] requirements:
- debconf
- debconf-utils
options: options:
name: name:
description: description:
- Name of package to configure. - Name of package to configure.
type: str
required: true required: true
aliases: [ pkg ] aliases: [ pkg ]
question: question:
description: description:
- A debconf configuration setting. - A debconf configuration setting.
type: str
aliases: [ selection, setting ] aliases: [ selection, setting ]
vtype: vtype:
description: description:
- The type of the value supplied. - The type of the value supplied.
- C(seen) was added in 2.2. - C(seen) was added in Ansible 2.2.
choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title, text ] type: str
choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title ]
value: value:
description: description:
- Value to set the configuration to. - Value to set the configuration to.
type: str
aliases: [ answer ] aliases: [ answer ]
unseen: unseen:
description: description:
- Do not set 'seen' flag when pre-seeding. - Do not set 'seen' flag when pre-seeding.
type: bool type: bool
default: False default: no
author: author:
- Brian Coca (@bcoca) - Brian Coca (@bcoca)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Set default locale to fr_FR.UTF-8 - name: Set default locale to fr_FR.UTF-8
debconf: debconf:
name: locales name: locales
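Review bot: `vtype` lists `password` among its choices and the notes mention that debconf-get-selections masks passwords, yet the `value` description gives no guidance on handling secrets. While this hunk is touching the option docs, add a sentence to `value` or to the notes recommending `no_log: true` on tasks that pre-seed a password, so the answer does not end up in task output or logs.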

View file

@ -7,12 +7,10 @@
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = r''' DOCUMENTATION = r'''
--- ---
module: firewalld module: firewalld
@ -57,12 +55,11 @@ options:
version_added: "2.8" version_added: "2.8"
zone: zone:
description: description:
- > - The firewalld zone to add/remove to/from.
The firewalld zone to add/remove to/from (NOTE: default zone can be configured per system but "public" is default from upstream. - Note that the default zone can be configured per system but C(public) is default from upstream.
- Available choices can be extended based on per-system configs, listed here are "out of the box" defaults). - Available choices can be extended based on per-system configs, listed here are "out of the box" defaults).
- Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work) ] - Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work) ]
type: str type: str
default: system-default(public)
permanent: permanent:
description: description:
- Should this configuration be in the running firewalld configuration or persist across reboots. - Should this configuration be in the running firewalld configuration or persist across reboots.
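Review bot: In the rewritten `zone` description the opening "(NOTE:" was removed but its closing parenthesis remains in "listed here are "out of the box" defaults).", and the "Possible values include ..." item still ends in a stray " ]". Drop both leftover characters so the rendered documentation is balanced. The removal of `default: system-default(public)` is fine given that the description now explains the default zone, but a short statement of what happens when `zone` is omitted would make the firewall scope of a task clearer.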
@ -109,8 +106,10 @@ notes:
The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not
permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone
creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone. creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
requirements: [ 'firewalld >= 0.2.11' ] requirements:
author: "Adam Miller (@maxamillion)" - firewalld >= 0.2.11
author:
- Adam Miller (@maxamillion)
''' '''
EXAMPLES = r''' EXAMPLES = r'''

View file

@ -1,6 +1,6 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
#
# Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se> # Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
# Copyright: (c) 2017, Sébastien DA ROCHA <sebastien@da-rocha.net> # Copyright: (c) 2017, Sébastien DA ROCHA <sebastien@da-rocha.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -12,7 +12,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'core'} 'supported_by': 'core'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: iptables module: iptables
short_description: Modify iptables rules short_description: Modify iptables rules
@ -28,60 +28,61 @@ description:
same as the behaviour of the C(iptables) and C(ip6tables) command which same as the behaviour of the C(iptables) and C(ip6tables) command which
this module uses internally. this module uses internally.
notes: notes:
- This module just deals with individual rules. If you need advanced - This module just deals with individual rules.If you need advanced
chaining of rules the recommended way is to template the iptables restore chaining of rules the recommended way is to template the iptables restore
file. file.
options: options:
table: table:
description: description:
- This option specifies the packet matching table which the command - This option specifies the packet matching table which the command should operate on.
should operate on. If the kernel is configured with automatic module - If the kernel is configured with automatic module loading, an attempt will be made
loading, an attempt will be made to load the appropriate module for to load the appropriate module for that table if it is not already there.
that table if it is not already there. type: str
choices: [ filter, nat, mangle, raw, security ] choices: [ filter, nat, mangle, raw, security ]
default: filter default: filter
state: state:
description: description:
- Whether the rule should be absent or present. - Whether the rule should be absent or present.
type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
action: action:
description: description:
- Whether the rule should be appended at the bottom or inserted at the top. - Whether the rule should be appended at the bottom or inserted at the top.
- If the rule already exists the chain won't be modified. - If the rule already exists the chain will not be modified.
type: str
choices: [ append, insert ] choices: [ append, insert ]
default: append default: append
version_added: "2.2" version_added: "2.2"
rule_num: rule_num:
description: description:
- Insert the rule as the given rule number. This works only with - Insert the rule as the given rule number.
action = 'insert'. - This works only with C(action=insert).
type: str
version_added: "2.5" version_added: "2.5"
ip_version: ip_version:
description: description:
- Which version of the IP protocol this rule should apply to. - Which version of the IP protocol this rule should apply to.
type: str
choices: [ ipv4, ipv6 ] choices: [ ipv4, ipv6 ]
default: ipv4 default: ipv4
chain: chain:
description: description:
- "Specify the iptables chain to modify. This could be a user-defined chain or one of the standard iptables chains:" - Specify the iptables chain to modify.
- C(INPUT) - This could be a user-defined chain or one of the standard iptables chains, like
- C(FORWARD) C(INPUT), C(FORWARD), C(OUTPUT), C(PREROUTING), C(POSTROUTING), C(SECMARK) or C(CONNSECMARK).
- C(OUTPUT) type: str
- C(PREROUTING)
- C(POSTROUTING)
- C(SECMARK)
- C(CONNSECMARK)
protocol: protocol:
description: description:
- The protocol of the rule or of the packet to check. - The protocol of the rule or of the packet to check.
- The specified protocol can be one of tcp, udp, udplite, icmp, esp, - The specified protocol can be one of C(tcp), C(udp), C(udplite), C(icmp), C(esp),
ah, sctp or the special keyword "all", or it can be a numeric value, C(ah), C(sctp) or the special keyword C(all), or it can be a numeric value,
representing one of these protocols or a different one. A protocol representing one of these protocols or a different one.
name from /etc/protocols is also allowed. A "!" argument before the - A protocol name from I(/etc/protocols) is also allowed.
protocol inverts the test. The number zero is equivalent to all. - A C(!) argument before the protocol inverts the test.
"all" will match with all protocols and is taken as default when this - The number zero is equivalent to all.
option is omitted. - C(all) will match with all protocols and is taken as default when this option is omitted.
type: str
source: source:
description: description:
- Source specification. - Source specification.
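Review bot: The first `notes` entry loses the space after the full stop on the new side: "This module just deals with individual rules.If you need advanced" should read "individual rules. If you need advanced". Separately, the collapsed `chain` description now presents C(SECMARK) and C(CONNSECMARK) in the same sentence as the standard chains, carried over from the old list; worth checking against the iptables documentation while this text is being rewritten.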
@ -92,8 +93,9 @@ options:
a remote query such as DNS is a really bad idea. a remote query such as DNS is a really bad idea.
- The mask can be either a network mask or a plain number, specifying - The mask can be either a network mask or a plain number, specifying
the number of 1's at the left side of the network mask. Thus, a mask the number of 1's at the left side of the network mask. Thus, a mask
of 24 is equivalent to 255.255.255.0. A "!" argument before the of 24 is equivalent to 255.255.255.0. A C(!) argument before the
address specification inverts the sense of the address. address specification inverts the sense of the address.
type: str
destination: destination:
description: description:
- Destination specification. - Destination specification.
@ -104,82 +106,96 @@ options:
a remote query such as DNS is a really bad idea. a remote query such as DNS is a really bad idea.
- The mask can be either a network mask or a plain number, specifying - The mask can be either a network mask or a plain number, specifying
the number of 1's at the left side of the network mask. Thus, a mask the number of 1's at the left side of the network mask. Thus, a mask
of 24 is equivalent to 255.255.255.0. A "!" argument before the of 24 is equivalent to 255.255.255.0. A C(!) argument before the
address specification inverts the sense of the address. address specification inverts the sense of the address.
type: str
tcp_flags: tcp_flags:
description: description:
- TCP flags specification. - TCP flags specification.
- C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set). - C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set).
type: dict
default: {} default: {}
version_added: "2.4" version_added: "2.4"
suboptions: suboptions:
flags: flags:
description: description:
- List of flags you want to examine. - List of flags you want to examine.
type: list
flags_set: flags_set:
description: description:
- Flags to be set. - Flags to be set.
type: list
match: match:
description: description:
- Specifies a match to use, that is, an extension module that tests for - Specifies a match to use, that is, an extension module that tests for
a specific property. The set of matches make up the condition under a specific property.
which a target is invoked. Matches are evaluated first to last if - The set of matches make up the condition under which a target is invoked.
specified as an array and work in short-circuit fashion, i.e. if one - Matches are evaluated first to last if specified as an array and work in short-circuit
extension yields false, evaluation will stop. fashion, i.e. if one extension yields false, evaluation will stop.
type: list
default: [] default: []
jump: jump:
description: description:
- This specifies the target of the rule; i.e., what to do if the packet - This specifies the target of the rule; i.e., what to do if the packet matches it.
matches it. The target can be a user-defined chain (other than the one - The target can be a user-defined chain (other than the one
this rule is in), one of the special builtin targets which decide the this rule is in), one of the special builtin targets which decide the
fate of the packet immediately, or an extension (see EXTENSIONS fate of the packet immediately, or an extension (see EXTENSIONS
below). If this option is omitted in a rule (and the goto parameter below).
- If this option is omitted in a rule (and the goto parameter
is not used), then matching the rule will have no effect on the is not used), then matching the rule will have no effect on the
packet's fate, but the counters on the rule will be incremented. packet's fate, but the counters on the rule will be incremented.
type: str
log_prefix: log_prefix:
description: description:
- Specifies a log text for the rule. Only make sense with a LOG jump. - Specifies a log text for the rule. Only make sense with a LOG jump.
type: str
version_added: "2.5" version_added: "2.5"
goto: goto:
description: description:
- This specifies that the processing should continue in a user specified - This specifies that the processing should continue in a user specified chain.
chain. Unlike the jump argument return will not continue processing in - Unlike the jump argument return will not continue processing in
this chain but instead in the chain that called us via jump. this chain but instead in the chain that called us via jump.
type: str
in_interface: in_interface:
description: description:
- Name of an interface via which a packet was received (only for packets - Name of an interface via which a packet was received (only for packets
entering the INPUT, FORWARD and PREROUTING chains). When the "!" entering the C(INPUT), C(FORWARD) and C(PREROUTING) chains).
argument is used before the interface name, the sense is inverted. If - When the C(!) argument is used before the interface name, the sense is inverted.
the interface name ends in a "+", then any interface which begins with - If the interface name ends in a C(+), then any interface which begins with
this name will match. If this option is omitted, any interface name this name will match.
will match. - If this option is omitted, any interface name will match.
type: str
out_interface: out_interface:
description: description:
- Name of an interface via which a packet is going to be sent (for - Name of an interface via which a packet is going to be sent (for
packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the packets entering the C(FORWARD), C(OUTPUT) and C(POSTROUTING) chains).
"!" argument is used before the interface name, the sense is inverted. - When the C(!) argument is used before the interface name, the sense is inverted.
If the interface name ends in a "+", then any interface which begins - If the interface name ends in a C(+), then any interface which begins
with this name will match. If this option is omitted, any interface with this name will match.
name will match. - If this option is omitted, any interface name will match.
type: str
fragment: fragment:
description: description:
- This means that the rule only refers to second and further fragments - This means that the rule only refers to second and further fragments
of fragmented packets. Since there is no way to tell the source or of fragmented packets.
destination ports of such a packet (or ICMP type), such a packet will - Since there is no way to tell the source or destination ports of such
not match any rules which specify them. When the "!" argument precedes a packet (or ICMP type), such a packet will not match any rules which specify them.
fragment argument, the rule will only match head fragments, or - When the "!" argument precedes fragment argument, the rule will only match head fragments,
unfragmented packets. or unfragmented packets.
type: str
set_counters: set_counters:
description: description:
- This enables the administrator to initialize the packet and byte - This enables the administrator to initialize the packet and byte
counters of a rule (during INSERT, APPEND, REPLACE operations). counters of a rule (during C(INSERT), C(APPEND), C(REPLACE) operations).
type: str
source_port: source_port:
description: description:
- Source port or port range specification. This can either be a service - Source port or port range specification.
name or a port number. An inclusive range can also be specified, using - This can either be a service name or a port number.
the format first:last. If the first port is omitted, '0' is assumed; - An inclusive range can also be specified, using the format C(first:last).
if the last is omitted, '65535' is assumed. If the first port is - If the first port is omitted, C(0) is assumed; if the last is omitted, C(65535) is assumed.
greater than the second one they will be swapped. - If the first port is greater than the second one they will be swapped.
type: str
destination_port: destination_port:
description: description:
- "Destination port or port range specification. This can either be - "Destination port or port range specification. This can either be
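Review bot: In the `fragment` description the rewritten line still writes the negation as "!" in plain quotes, while `in_interface` and `out_interface` in this same hunk were switched to C(!). Use C(!) there as well so the three negation notes render the same way. The `log_prefix` context line ("Only make sense with a LOG jump") has a grammar slip that could be fixed while this block is being touched.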
@ -189,27 +205,32 @@ options:
first port is greater than the second one they will be swapped. first port is greater than the second one they will be swapped.
This is only valid if the rule also specifies one of the following This is only valid if the rule also specifies one of the following
protocols: tcp, udp, dccp or sctp." protocols: tcp, udp, dccp or sctp."
type: str
to_ports: to_ports:
description: description:
- "This specifies a destination port or range of ports to use: without - This specifies a destination port or range of ports to use, without
this, the destination port is never altered. This is only valid if the this, the destination port is never altered.
rule also specifies one of the following protocols: tcp, udp, dccp or - This is only valid if the rule also specifies one of the protocol
sctp." C(tcp), C(udp), C(dccp) or C(sctp).
type: str
to_destination: to_destination:
description: description:
- This specifies a destination address to use with DNAT. - This specifies a destination address to use with C(DNAT).
- Without this, the destination address is never altered. - Without this, the destination address is never altered.
type: str
version_added: "2.1" version_added: "2.1"
to_source: to_source:
description: description:
- This specifies a source address to use with SNAT. - This specifies a source address to use with C(SNAT).
- Without this, the source address is never altered. - Without this, the source address is never altered.
type: str
version_added: "2.2" version_added: "2.2"
syn: syn:
description: description:
- This allows matching packets that have the SYN bit set and the ACK - This allows matching packets that have the SYN bit set and the ACK
and RST bits unset. and RST bits unset.
- When negated, this matches all packets with the RST or the ACK bits set. - When negated, this matches all packets with the RST or the ACK bits set.
type: str
choices: [ ignore, match, negate ] choices: [ ignore, match, negate ]
default: ignore default: ignore
version_added: "2.5" version_added: "2.5"
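Review bot: The new `to_ports` text reads "one of the protocol C(tcp), C(udp), C(dccp) or C(sctp)", which should be "one of the protocols", and replacing the colon with a comma in "to use, without this, the destination port is never altered" leaves a comma splice. Split it into two list items as was done for `to_destination`. The `destination_port` entry directly above is still one double-quoted paragraph with bare protocol names, so it is now inconsistent with the entry that follows it.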
@ -218,28 +239,24 @@ options:
- This allows specifying a DSCP mark to be added to packets. - This allows specifying a DSCP mark to be added to packets.
It takes either an integer or hex value. It takes either an integer or hex value.
- Mutually exclusive with C(set_dscp_mark_class). - Mutually exclusive with C(set_dscp_mark_class).
type: str
version_added: "2.1" version_added: "2.1"
set_dscp_mark_class: set_dscp_mark_class:
description: description:
- This allows specifying a predefined DiffServ class which will be - This allows specifying a predefined DiffServ class which will be
translated to the corresponding DSCP mark. translated to the corresponding DSCP mark.
- Mutually exclusive with C(set_dscp_mark). - Mutually exclusive with C(set_dscp_mark).
type: str
version_added: "2.1" version_added: "2.1"
comment: comment:
description: description:
- This specifies a comment that will be added to the rule. - This specifies a comment that will be added to the rule.
type: str
ctstate: ctstate:
description: description:
- "C(ctstate) is a list of the connection states to match in the conntrack - C(ctstate) is a list of the connection states to match in the conntrack module.
module. Possible states are:" - Possible states are C(INVALID), C(NEW), C(ESTABLISHED), C(RELATED), C(UNTRACKED), C(SNAT), C(DNAT)
- C(INVALID) type: list
- C(NEW)
- C(ESTABLISHED)
- C(RELATED)
- C(UNTRACKED)
- C(SNAT)
- C(DNAT)
choices: [ DNAT, ESTABLISHED, INVALID, NEW, RELATED, SNAT, UNTRACKED ]
default: [] default: []
limit: limit:
description: description:
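Review bot: For `ctstate` the `choices:` line is removed and the values are now only listed in prose, so the rendered documentation no longer shows an enumerated set of accepted states. Confirm against the argument_spec (not visible in this hunk) whether the values are still validated, and either keep `choices:` next to `type: list` or say in the description that the states are passed through unchecked. The new "Possible states are ..." item is also missing its closing period.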
@ -247,54 +264,60 @@ options:
- The number can specify units explicitly, using `/second', `/minute', - The number can specify units explicitly, using `/second', `/minute',
`/hour' or `/day', or parts of them (so `5/second' is the same as `/hour' or `/day', or parts of them (so `5/second' is the same as
`5/s'). `5/s').
type: str
limit_burst: limit_burst:
description: description:
- Specifies the maximum burst before the above limit kicks in. - Specifies the maximum burst before the above limit kicks in.
type: str
version_added: "2.1" version_added: "2.1"
uid_owner: uid_owner:
description: description:
- Specifies the UID or username to use in match by owner rule. From - Specifies the UID or username to use in match by owner rule.
Ansible 2.6 when the C(!) argument is prepended then the it inverts - From Ansible 2.6 when the C(!) argument is prepended then the it inverts
the rule to apply instead to all users except that one specified. the rule to apply instead to all users except that one specified.
type: str
version_added: "2.1" version_added: "2.1"
reject_with: reject_with:
description: description:
- 'Specifies the error packet type to return while rejecting. It implies - 'Specifies the error packet type to return while rejecting. It implies
"jump: REJECT"' "jump: REJECT"'
type: str
version_added: "2.1" version_added: "2.1"
icmp_type: icmp_type:
description: description:
- This allows specification of the ICMP type, which can be a numeric - This allows specification of the ICMP type, which can be a numeric
ICMP type, type/code pair, or one of the ICMP type names shown by the ICMP type, type/code pair, or one of the ICMP type names shown by the
command 'iptables -p icmp -h' command 'iptables -p icmp -h'
type: str
version_added: "2.2" version_added: "2.2"
flush: flush:
description: description:
- Flushes the specified table and chain of all rules. - Flushes the specified table and chain of all rules.
- If no chain is specified then the entire table is purged. - If no chain is specified then the entire table is purged.
- Ignores all other parameters. - Ignores all other parameters.
version_added: "2.2"
type: bool type: bool
version_added: "2.2"
policy: policy:
description: description:
- Set the policy for the chain to the given target. - Set the policy for the chain to the given target.
- Only built-in chains can have policies. - Only built-in chains can have policies.
- This parameter requires the C(chain) parameter. - This parameter requires the C(chain) parameter.
- Ignores all other parameters. - Ignores all other parameters.
type: str
choices: [ ACCEPT, DROP, QUEUE, RETURN ] choices: [ ACCEPT, DROP, QUEUE, RETURN ]
version_added: "2.2" version_added: "2.2"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Block specific IP - name: Block specific IP
- iptables: iptables:
chain: INPUT chain: INPUT
source: 8.8.8.8 source: 8.8.8.8
jump: DROP jump: DROP
become: yes become: yes
# Forward port 80 to 8600 - name: Forward port 80 to 8600
- iptables: iptables:
table: nat table: nat
chain: PREROUTING chain: PREROUTING
in_interface: eth0 in_interface: eth0
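Review bot: The reflowed `uid_owner` item keeps the typo "then the it inverts the rule"; since the line is rewritten anyway, change it to "then it inverts the rule". In the same hunk `limit` still quotes its units as `/second' and `icmp_type` quotes the command as 'iptables -p icmp -h' rather than using C(...), unlike the markup applied to the other options here.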
@ -306,15 +329,15 @@ EXAMPLES = '''
comment: Redirect web traffic to port 8600 comment: Redirect web traffic to port 8600
become: yes become: yes
# Allow related and established connections - name: Allow related and established connections
- iptables: iptables:
chain: INPUT chain: INPUT
ctstate: ESTABLISHED,RELATED ctstate: ESTABLISHED,RELATED
jump: ACCEPT jump: ACCEPT
become: yes become: yes
# Allow new incoming SYN packets on TCP port 22 (SSH). - name: Allow new incoming SYN packets on TCP port 22 (SSH).
- iptables: iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: 22 destination_port: 22
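Review bot: In the "Allow related and established connections" task, `ctstate: ESTABLISHED,RELATED` is a comma-joined string, while the documentation changed earlier in this commit declares `ctstate` as `type: list`. Writing it as a YAML list, [ ESTABLISHED, RELATED ], would show the documented type in the example.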
@ -323,44 +346,44 @@ EXAMPLES = '''
jump: ACCEPT jump: ACCEPT
comment: Accept new SSH connections. comment: Accept new SSH connections.
# Tag all outbound tcp packets with DSCP mark 8 - name: Tag all outbound tcp packets with DSCP mark 8
- iptables: iptables:
chain: OUTPUT chain: OUTPUT
jump: DSCP jump: DSCP
table: mangle table: mangle
set_dscp_mark: 8 set_dscp_mark: 8
protocol: tcp protocol: tcp
# Tag all outbound tcp packets with DSCP DiffServ class CS1 - name: Tag all outbound tcp packets with DSCP DiffServ class CS1
- iptables: iptables:
chain: OUTPUT chain: OUTPUT
jump: DSCP jump: DSCP
table: mangle table: mangle
set_dscp_mark_class: CS1 set_dscp_mark_class: CS1
protocol: tcp protocol: tcp
# Insert a rule on line 5 - name: Insert a rule on line 5
- iptables: iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: 8080 destination_port: 8080
jump: ACCEPT jump: ACCEPT
rule_num: 5 rule_num: 5
# Set the policy for the INPUT chain to DROP - name: Set the policy for the INPUT chain to DROP
- iptables: iptables:
chain: INPUT chain: INPUT
policy: DROP policy: DROP
# Reject tcp with tcp-reset - name: Reject tcp with tcp-reset
- iptables: iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
reject_with: tcp-reset reject_with: tcp-reset
ip_version: ipv4 ip_version: ipv4
# Set tcp flags - name: Set tcp flags
- iptables: iptables:
chain: OUTPUT chain: OUTPUT
jump: DROP jump: DROP
protocol: tcp protocol: tcp
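Review bot: None of the converted tasks in this hunk (DSCP marking, rule insert, `policy: DROP`, `reject_with`) carry `become: yes`, while the first three examples above do; add it throughout or drop it and state once that the module needs root. The "Set the policy for the INPUT chain to DROP" example would also benefit from a comment that the accept rules, such as the SSH rule above, must already be in place, because a reader who applies that task alone to a remote host drops the connection Ansible is using.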
@ -381,7 +404,7 @@ EXAMPLES = '''
- name: iptables flush nat - name: iptables flush nat
iptables: iptables:
table: nat table: nat
chain: "{{ item }}" chain: '{{ item }}'
flush: yes flush: yes
with_items: [ 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING' ] with_items: [ 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING' ]
''' '''

View file

@ -1,5 +1,6 @@
#!/usr/bin/python #!/usr/bin/python
# # -*- coding: utf-8 -*-
# Copyright: (c) 2013, RSD Services S.A # Copyright: (c) 2013, RSD Services S.A
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: java_cert module: java_cert
version_added: '2.3' version_added: '2.3'
@ -21,62 +22,75 @@ description:
options: options:
cert_url: cert_url:
description: description:
- Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate. - Basic URL to fetch SSL certificate from.
- One of iC(cert_url) or C(cert_path) is required to load certificate.
type: str
cert_port: cert_port:
description: description:
- Port to connect to URL. This will be used to create server URL:PORT - Port to connect to URL.
- This will be used to create server URL:PORT.
type: int
default: 443 default: 443
cert_path: cert_path:
description: description:
- Local path to load certificate from. One of cert_url or cert_path is required to load certificate. - Local path to load certificate from.
- One of cert_url or cert_path is required to load certificate.
type: path
cert_alias: cert_alias:
description: description:
- Imported certificate alias. The alias is used when checking for the - Imported certificate alias.
presence of a certificate in the keystore. - The alias is used when checking for the presence of a certificate in the keystore.
type: str
pkcs12_path: pkcs12_path:
description: description:
- Local path to load PKCS12 keystore from. - Local path to load PKCS12 keystore from.
type: path
version_added: "2.4" version_added: "2.4"
pkcs12_password: pkcs12_password:
description: description:
- Password for importing from PKCS12 keystore. - Password for importing from PKCS12 keystore.
type: str
default: '' default: ''
version_added: "2.4" version_added: "2.4"
pkcs12_alias: pkcs12_alias:
description: description:
- Alias in the PKCS12 keystore. - Alias in the PKCS12 keystore.
default: 1 type: str
version_added: "2.4" version_added: "2.4"
keystore_path: keystore_path:
description: description:
- Path to keystore. - Path to keystore.
type: path
keystore_pass: keystore_pass:
description: description:
- Keystore password. - Keystore password.
type: str
required: true required: true
keystore_create: keystore_create:
description: description:
- Create keystore if it doesn't exist - Create keystore if it does not exist.
type: bool type: bool
keystore_type: keystore_type:
description: description:
- Keystore type (JCEKS, JKS). - Keystore type (JCEKS, JKS).
default: None type: str
version_added: "2.8" version_added: "2.8"
executable: executable:
description: description:
- Path to keytool binary if not used we search in PATH for it. - Path to keytool binary if not used we search in PATH for it.
type: str
default: keytool default: keytool
state: state:
description: description:
- Defines action which can be either certificate import or removal. - Defines action which can be either certificate import or removal.
type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
author: author:
- Adam Hamsik (@haad) - Adam Hamsik (@haad)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Import SSL certificate from google.com to a given cacerts keystore - name: Import SSL certificate from google.com to a given cacerts keystore
java_cert: java_cert:
cert_url: google.com cert_url: google.com
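Review bot: In `cert_url` the new second item reads "One of iC(cert_url) or C(cert_path)", where the stray "i" breaks the C() markup, and the matching item under `cert_path` has no markup at all ("One of cert_url or cert_path"). Make both "One of C(cert_url) or C(cert_path) is required to load certificate." Separately, `pkcs12_password` keeps `default: ''` while `pkcs12_alias` loses `default: 1` and `keystore_type` loses `default: None`; check each against the argument_spec so the documented defaults are the ones actually applied.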
@ -123,7 +137,7 @@ EXAMPLES = '''
state: present state: present
''' '''
RETURN = ''' RETURN = r'''
msg: msg:
description: Output from stdout of keytool command after execution of given command. description: Output from stdout of keytool command after execution of given command.
returned: success returned: success
@ -131,13 +145,13 @@ msg:
sample: "Module require existing keystore at keystore_path '/tmp/test/cacerts'" sample: "Module require existing keystore at keystore_path '/tmp/test/cacerts'"
rc: rc:
description: Keytool command execution return value description: Keytool command execution return value.
returned: success returned: success
type: int type: int
sample: "0" sample: "0"
cmd: cmd:
description: Executed command to get action done description: Executed command to get action done.
returned: success returned: success
type: str type: str
sample: "keytool -importcert -noprompt -keystore" sample: "keytool -importcert -noprompt -keystore"
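Review bot: `rc` is declared `type: int` but its sample is the quoted string "0"; write `sample: 0` so the sample matches the type. For `cmd`, the description says it returns the executed command, and `keystore_pass` and `pkcs12_password` are `no_log` parameters in the argument_spec, so the description should state whether the returned command line has the passwords stripped.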
@ -310,11 +324,11 @@ def main():
pkcs12_password=dict(type='str', no_log=True), pkcs12_password=dict(type='str', no_log=True),
pkcs12_alias=dict(type='str'), pkcs12_alias=dict(type='str'),
cert_alias=dict(type='str'), cert_alias=dict(type='str'),
cert_port=dict(type='int', default='443'), cert_port=dict(type='int', default=443),
keystore_path=dict(type='path'), keystore_path=dict(type='path'),
keystore_pass=dict(type='str', required=True, no_log=True), keystore_pass=dict(type='str', required=True, no_log=True),
keystore_create=dict(type='bool', default=False), keystore_create=dict(type='bool', default=False),
keystore_type=dict(type='str', default=None), keystore_type=dict(type='str'),
executable=dict(type='str', default='keytool'), executable=dict(type='str', default='keytool'),
state=dict(type='str', default='present', choices=['absent', 'present']), state=dict(type='str', default='present', choices=['absent', 'present']),
) )
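Review bot: `pkcs12_password=dict(type='str', no_log=True)` has no default here, but the documentation hunk above still lists `default: ''` for it, so docs and spec disagree for this parameter after the cleanup. Add `default=''` to the spec or remove the default from the docs.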

View file

@ -1,23 +1,22 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2015, Linus Unnebäck <linus@folkdatorn.se> # Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = r'''
DOCUMENTATION = '''
--- ---
module: make module: make
short_description: Run targets in a Makefile short_description: Run targets in a Makefile
requirements: [ make ] requirements:
- make
version_added: "2.1" version_added: "2.1"
author: Linus Unnebäck (@LinusU) <linus@folkdatorn.se> author: Linus Unnebäck (@LinusU) <linus@folkdatorn.se>
description: description:
@ -26,21 +25,25 @@ options:
target: target:
description: description:
- The target to run. - The target to run.
- "Examples: C(install) or C(test)" - Typically this would be something like C(install),C(test) or C(all)."
type: str
params: params:
description: description:
- Any extra parameters to pass to make - Any extra parameters to pass to make.
type: dict
chdir: chdir:
description: description:
- Change to this directory before running make - Change to this directory before running make.
type: path
required: true required: true
file: file:
description: description:
- Use a custom Makefile - Use a custom Makefile.
version_added: 2.5 type: path
version_added: '2.5'
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Build the default target - name: Build the default target
make: make:
chdir: /home/ubuntu/cool-project chdir: /home/ubuntu/cool-project
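Review bot: The new `target` item ends with an unmatched double quote, `C(all)."`, left over from the quoted string it replaces, and has no space after the comma in `C(install),C(test)`. Drop the quote and write "C(install), C(test) or C(all)."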
@ -66,9 +69,7 @@ EXAMPLES = '''
file: /some-project/Makefile file: /some-project/Makefile
''' '''
# TODO: Disabled the RETURN as it was breaking docs building. Someone needs to RETURN = r'''# '''
# fix this
RETURN = '''# '''
from ansible.module_utils.six import iteritems from ansible.module_utils.six import iteritems
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
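Review bot: The TODO explaining why RETURN is empty is deleted, but `RETURN = r'''# '''` is still a placeholder, so the module continues to document no return values and the reason is now lost. Either document what the module returns or keep a one-line comment saying RETURN is intentionally empty and why.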
@ -105,13 +106,13 @@ def sanitize_output(output):
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
supports_check_mode=True,
argument_spec=dict( argument_spec=dict(
target=dict(required=False, default=None, type='str'), target=dict(type='str'),
params=dict(required=False, default=None, type='dict'), params=dict(type='dict'),
chdir=dict(required=True, default=None, type='path'), chdir=dict(type='path', required=True),
file=dict(required=False, default=None, type='path') file=dict(type='path'),
), ),
supports_check_mode=True,
) )
# Build up the invocation of `make` we are going to use # Build up the invocation of `make` we are going to use
# For non-Linux OSes, prefer gmake (GNU make) over make # For non-Linux OSes, prefer gmake (GNU make) over make

View file

@ -13,7 +13,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'core'} 'supported_by': 'core'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: mount module: mount
short_description: Control active and configured mount points short_description: Control active and configured mount points
@ -27,33 +27,41 @@ options:
path: path:
description: description:
- Path to the mount point (e.g. C(/mnt/files)). - Path to the mount point (e.g. C(/mnt/files)).
- Before 2.3 this option was only usable as I(dest), I(destfile) and - Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
I(name). type: path
required: true required: true
aliases: [ name ] aliases: [ name ]
src: src:
description: description:
- Device to be mounted on I(path). Required when I(state) set to - Device to be mounted on I(path).
C(present) or C(mounted). - Required when I(state) set to C(present) or C(mounted).
type: path
fstype: fstype:
description: description:
- Filesystem type. Required when I(state) is C(present) or C(mounted). - Filesystem type.
- Required when I(state) is C(present) or C(mounted).
type: str
opts: opts:
description: description:
- Mount options (see fstab(5), or vfstab(4) on Solaris). - Mount options (see fstab(5), or vfstab(4) on Solaris).
type: str
dump: dump:
description: description:
- Dump (see fstab(5)). Note that if set to C(null) and I(state) set to - Dump (see fstab(5)).
C(present), it will cease to work and duplicate entries will be made - Note that if set to C(null) and I(state) set to C(present),
it will cease to work and duplicate entries will be made
with subsequent runs. with subsequent runs.
- Has no effect on Solaris systems. - Has no effect on Solaris systems.
type: str
default: 0 default: 0
passno: passno:
description: description:
- Passno (see fstab(5)). Note that if set to C(null) and I(state) set to - Passno (see fstab(5)).
C(present), it will cease to work and duplicate entries will be made - Note that if set to C(null) and I(state) set to C(present),
it will cease to work and duplicate entries will be made
with subsequent runs. with subsequent runs.
- Deprecated on Solaris systems. - Deprecated on Solaris systems.
type: str
default: 0 default: 0
state: state:
description: description:
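Review bot: `dump` and `passno` are now `type: str` but keep `default: 0`, which YAML reads as an integer. Quote it as `default: '0'` so the documented default has the declared type.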
@ -66,38 +74,38 @@ options:
- C(absent) specifies that the device mount's entry will be removed from - C(absent) specifies that the device mount's entry will be removed from
I(fstab) and will also unmount the device and remove the mount I(fstab) and will also unmount the device and remove the mount
point. point.
type: str
required: true required: true
choices: [ absent, mounted, present, unmounted ] choices: [ absent, mounted, present, unmounted ]
fstab: fstab:
description: description:
- File to use instead of C(/etc/fstab). You shouldn't use this option - File to use instead of C(/etc/fstab).
unless you really know what you are doing. This might be useful if - You should npt use this option unless you really know what you are doing.
you need to configure mountpoints in a chroot environment. OpenBSD - This might be useful if you need to configure mountpoints in a chroot environment.
does not allow specifying alternate fstab files with mount so do not - OpenBSD does not allow specifying alternate fstab files with mount so do not
use this on OpenBSD with any state that operates on the live use this on OpenBSD with any state that operates on the live filesystem.
filesystem. - This parameter defaults to /etc/fstab or /etc/vfstab on Solaris.
default: /etc/fstab (/etc/vfstab on Solaris) type: str
boot: boot:
description: description:
- Determines if the filesystem should be mounted on boot. - Determines if the filesystem should be mounted on boot.
- Only applies to Solaris systems. - Only applies to Solaris systems.
type: bool type: bool
default: 'yes' default: yes
version_added: '2.2' version_added: '2.2'
backup: backup:
description: description:
- Create a backup file including the timestamp information so you can get - Create a backup file including the timestamp information so you can get
the original file back if you somehow clobbered it incorrectly. the original file back if you somehow clobbered it incorrectly.
required: false
type: bool type: bool
default: "no" default: no
version_added: '2.5' version_added: '2.5'
notes: notes:
- As of Ansible 2.3, the I(name) option has been changed to I(path) as - As of Ansible 2.3, the I(name) option has been changed to I(path) as
default, but I(name) still works as well. default, but I(name) still works as well.
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Before 2.3, option 'name' was used instead of 'path' # Before 2.3, option 'name' was used instead of 'path'
- name: Mount DVD read-only - name: Mount DVD read-only
mount: mount:
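Review bot: The rewritten `fstab` description contains the typo "You should npt use this option". The hunk also moves the default out of the `default:` key into prose ("This parameter defaults to /etc/fstab or /etc/vfstab on Solaris") and types the option as `str`; wrap the two paths in C() and consider `type: path`, which is what `path` and `src` use in this module.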
@ -583,7 +591,7 @@ def main():
opts=dict(type='str'), opts=dict(type='str'),
passno=dict(type='str'), passno=dict(type='str'),
src=dict(type='path'), src=dict(type='path'),
backup=dict(default=False, type='bool'), backup=dict(type='bool', default=False),
state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted']), state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted']),
), ),
supports_check_mode=True, supports_check_mode=True,

View file

@ -1,23 +1,23 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2013, Serge van Ginderachter <serge@vanginderachter.be> # Copyright: (c) 2013, Serge van Ginderachter <serge@vanginderachter.be>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: open_iscsi module: open_iscsi
author: "Serge van Ginderachter (@srvg)" author:
- Serge van Ginderachter (@srvg)
version_added: "1.4" version_added: "1.4"
short_description: Manage iscsi targets with open-iscsi short_description: Manage iSCSI targets with Open-iSCSI
description: description:
- Discover targets on given portal, (dis)connect targets, mark targets to - Discover targets on given portal, (dis)connect targets, mark targets to
manually or auto start, return device nodes of connected targets. manually or auto start, return device nodes of connected targets.
@ -25,85 +25,80 @@ requirements:
- open_iscsi library and tools (iscsiadm) - open_iscsi library and tools (iscsiadm)
options: options:
portal: portal:
required: false
aliases: [ip]
description: description:
- the ip address of the iscsi target - The IP address of the iSCSI target.
type: str
aliases: [ ip ]
port: port:
required: false description:
- The port on which the iSCSI target process listens.
type: str
default: 3260 default: 3260
description:
- the port on which the iscsi target process listens
target: target:
required: false
aliases: [name, targetname]
description: description:
- the iscsi target name - The iSCSI target name.
type: str
aliases: [ name, targetname ]
login: login:
required: false
type: bool
description: description:
- whether the target node should be connected - Whether the target node should be connected.
type: bool
aliases: [ state ]
node_auth: node_auth:
required: false description:
- The value for C(discovery.sendtargets.auth.authmethod).
type: str
default: CHAP default: CHAP
description:
- discovery.sendtargets.auth.authmethod
node_user: node_user:
required: false
description: description:
- discovery.sendtargets.auth.username - The value for C(discovery.sendtargets.auth.username).
type: str
node_pass: node_pass:
required: false
description: description:
- discovery.sendtargets.auth.password - The value for C(discovery.sendtargets.auth.password).
type: str
auto_node_startup: auto_node_startup:
aliases: [automatic]
required: false
type: bool
description: description:
- whether the target node should be automatically connected at startup - Whether the target node should be automatically connected at startup.
type: bool
aliases: [ automatic ]
discover: discover:
required: false
type: bool
description: description:
- whether the list of target nodes on the portal should be - Whether the list of target nodes on the portal should be
(re)discovered and added to the persistent iscsi database. (re)discovered and added to the persistent iSCSI database.
Keep in mind that iscsiadm discovery resets configurtion, like node.startup - Keep in mind that C(iscsiadm) discovery resets configuration, like C(node.startup)
to manual, hence combined with auto_node_startup=yes will always return to manual, hence combined with C(auto_node_startup=yes) will always return
a changed state. a changed state.
show_nodes:
required: false
type: bool type: bool
show_nodes:
description: description:
- whether the list of nodes in the persistent iscsi database should be - Whether the list of nodes in the persistent iSCSI database should be returned by the module.
returned by the module type: bool
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# perform a discovery on 10.1.2.3 and show available target nodes - name: Perform a discovery on 10.1.2.3 and show available target nodes
- open_iscsi: open_iscsi:
show_nodes: yes show_nodes: yes
discover: yes discover: yes
portal: 10.1.2.3 portal: 10.1.2.3
# discover targets on portal and login to the one available # NOTE: Only works if exactly one target is exported to the initiator
# (only works if exactly one target is exported to the initiator) - name: Discover targets on portal and login to the one available
- open_iscsi: open_iscsi:
portal: '{{ iscsi_target }}' portal: '{{ iscsi_target }}'
login: yes login: yes
discover: yes discover: yes
# description: connect to the named target, after updating the local - name: Connect to the named target, after updating the local persistent database (cache)
# persistent database (cache) open_iscsi:
- open_iscsi:
login: yes login: yes
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d' target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
# description: discconnect from the cached named target - name: Discconnect from the cached named target
- open_iscsi: open_iscsi:
login: no login: no
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d' target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
''' '''
import glob import glob
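Review bot: The last example is renamed to "Discconnect from the cached named target", carrying the misspelling over from the old comment; it should be "Disconnect". In the options, `port` gets `type: str` with an unquoted `default: 3260`; quote the default or use `type: int` so type and default agree.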
@ -256,23 +251,23 @@ def main():
argument_spec=dict( argument_spec=dict(
# target # target
portal=dict(required=False, aliases=['ip']), portal=dict(type='str', aliases=['ip']),
port=dict(required=False, default=3260), port=dict(type='str', default=3260),
target=dict(required=False, aliases=['name', 'targetname']), target=dict(type='str', aliases=['name', 'targetname']),
node_auth=dict(required=False, default='CHAP'), node_auth=dict(type='str', default='CHAP'),
node_user=dict(required=False), node_user=dict(type='str'),
node_pass=dict(required=False, no_log=True), node_pass=dict(type='str', no_log=True),
# actions # actions
login=dict(type='bool', aliases=['state']), login=dict(type='bool', aliases=['state']),
auto_node_startup=dict(type='bool', aliases=['automatic']), auto_node_startup=dict(type='bool', aliases=['automatic']),
discover=dict(type='bool', default=False), discover=dict(type='bool', default=False),
show_nodes=dict(type='bool', default=False) show_nodes=dict(type='bool', default=False),
), ),
required_together=[['discover_user', 'discover_pass'], required_together=[['discover_user', 'discover_pass'],
['node_user', 'node_pass']], ['node_user', 'node_pass']],
supports_check_mode=True supports_check_mode=True,
) )
global iscsiadm_cmd global iscsiadm_cmd
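Review bot: `port=dict(type='str', default=3260)` declares a string type but supplies an integer default; use `type='int'` or `default='3260'` so the spec, the docs and the value handed to the command agree on one type. Separately, `required_together` still names `discover_user` and `discover_pass`, which are not declared in this `argument_spec`, so that pair can never be supplied; either add the two options (with `no_log=True` on the password, as `node_pass` has) or drop the pair.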


@ -1,65 +1,77 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2014, GeekChimp - Franck Nijhof <franck@geekchimp.com> # Copyright: (c) 2014, GeekChimp - Franck Nijhof <franck@geekchimp.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'], 'status': ['stableinterface'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: osx_defaults module: osx_defaults
author: Franck Nijhof (@frenck) author:
short_description: osx_defaults allows users to read, write, and delete macOS user defaults from Ansible - Franck Nijhof (@frenck)
short_description: Manage macOS user defaults
description: description:
- osx_defaults allows users to read, write, and delete macOS user defaults from Ansible scripts. - osx_defaults allows users to read, write, and delete macOS user defaults from Ansible scripts.
macOS applications and other programs use the defaults system to record user preferences and other - macOS applications and other programs use the defaults system to record user preferences and other
information that must be maintained when the applications aren't running (such as default font for new information that must be maintained when the applications are not running (such as default font for new
documents, or the position of an Info panel). documents, or the position of an Info panel).
version_added: "2.0" version_added: "2.0"
options: options:
domain: domain:
description: description:
- The domain is a domain name of the form com.companyname.appname. - The domain is a domain name of the form C(com.companyname.appname).
type: str
default: NSGlobalDomain default: NSGlobalDomain
host: host:
description: description:
- The host on which the preference should apply. The special value "currentHost" corresponds to the - The host on which the preference should apply.
"-currentHost" switch of the defaults commandline tool. - The special value C(currentHost) corresponds to the C(-currentHost) switch of the defaults commandline tool.
type: str
version_added: "2.1" version_added: "2.1"
key: key:
description: description:
- The key of the user preference - The key of the user preference.
type: str
required: true required: true
type: type:
description: description:
- The type of value to write. - The type of value to write.
type: str
choices: [ array, bool, boolean, date, float, int, integer, string ]
default: string default: string
choices: [ "array", "bool", "boolean", "date", "float", "int", "integer", "string" ]
array_add: array_add:
description: description:
- Add new elements to the array for a key which has an array as its value. - Add new elements to the array for a key which has an array as its value.
type: bool type: bool
default: 'no' default: no
value: value:
description: description:
- The value to write. Only required when state = present. - The value to write.
- Only required when C(state=present).
type: raw
state: state:
description: description:
- The state of the user defaults - The state of the user defaults.
type: str
choices: [ absent, present ]
default: present default: present
choices: [ "present", "absent" ] path:
description:
- The path in which to search for C(osx_defaults).
type: str
default: /usr/bin:/usr/local/bin
notes: notes:
- Apple Mac caches defaults. You may need to logout and login to apply the changes. - Apple Mac caches defaults. You may need to logout and login to apply the changes.
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- osx_defaults: - osx_defaults:
domain: com.apple.Safari domain: com.apple.Safari
key: IncludeInternalDebugMenu key: IncludeInternalDebugMenu
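Review bot: The newly documented `path` option reads "The path in which to search for C(osx_defaults)", but `osx_defaults` is the module name; the `host` description in this same block refers to the `defaults` command line tool, so the text should say C(defaults). It would also help to state that the value is a colon-separated search path, since the default is `/usr/bin:/usr/local/bin`.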
@ -345,52 +357,14 @@ class OSXDefaults(object):
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
domain=dict( domain=dict(type='str', default='NSGlobalDomain'),
default="NSGlobalDomain", host=dict(type='str'),
required=False, key=dict(type='str'),
), type=dict(type='str', default='string', choices=['array', 'bool', 'boolean', 'date', 'float', 'int', 'integer', 'string']),
host=dict( array_add=dict(type='bool', default=False),
default=None, value=dict(type='raw'),
required=False, state=dict(type='str', default='present', choices=['absent', 'present']),
), path=dict(type='str', default='/usr/bin:/usr/local/bin'),
key=dict(
default=None,
),
type=dict(
default="string",
required=False,
choices=[
"array",
"bool",
"boolean",
"date",
"float",
"int",
"integer",
"string",
],
),
array_add=dict(
default=False,
required=False,
type='bool',
),
value=dict(
default=None,
required=False,
type='raw'
),
state=dict(
default="present",
required=False,
choices=[
"absent", "present"
],
),
path=dict(
default="/usr/bin:/usr/local/bin",
required=False,
)
), ),
supports_check_mode=True, supports_check_mode=True,
) )
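Review bot: `key=dict(type='str')` is not marked `required=True`, while the documentation rewritten in this change lists `key` with `required: true`. One of the two has to change so that the docs and the argument spec agree.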


@ -36,6 +36,7 @@ options:
- The C(type), C(control) and C(module_path) all must match a rule to be modified. - The C(type), C(control) and C(module_path) all must match a rule to be modified.
type: str type: str
required: true required: true
choices: [ account, -account, auth, -auth, password, -password, session, -session ]
control: control:
description: description:
- The control of the PAM rule being modified. - The control of the PAM rule being modified.
@ -54,6 +55,7 @@ options:
description: description:
- The new type to assign to the new rule. - The new type to assign to the new rule.
type: str type: str
choices: [ account, -account, auth, -auth, password, -password, session, -session ]
new_control: new_control:
description: description:
- The new control to assign to the new rule. - The new control to assign to the new rule.
@ -87,9 +89,9 @@ options:
default: updated default: updated
path: path:
description: description:
- This is the path to the PAM service files - This is the path to the PAM service files.
type: path type: path
default: /etc/pam.d/ default: /etc/pam.d
backup: backup:
description: description:
- Create a backup file including the timestamp information so you can - Create a backup file including the timestamp information so you can
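Review bot: The documented default for `path` changes from `/etc/pam.d/` to `/etc/pam.d`, but no matching change to the `argument_spec` default is visible in this diff; please confirm the two agree. The trailing slash itself is harmless, because the file name is built with `os.path.join(module.params["path"], module.params["name"])`.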
@ -224,7 +226,7 @@ EXAMPLES = r'''
RETURN = r''' RETURN = r'''
change_count: change_count:
description: How many rules were changed description: How many rules were changed.
type: int type: int
sample: 1 sample: 1
returned: success returned: success
@ -791,9 +793,9 @@ def main():
("state", "before", ["new_module_path"]), ("state", "before", ["new_module_path"]),
("state", "after", ["new_control"]), ("state", "after", ["new_control"]),
("state", "after", ["new_type"]), ("state", "after", ["new_type"]),
("state", "after", ["new_module_path"]) ("state", "after", ["new_module_path"]),
] ],
) )
content = str() content = str()
fname = os.path.join(module.params["path"], module.params["name"]) fname = os.path.join(module.params["path"], module.params["name"])
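Review bot: Not introduced by this change, but the context line `fname = os.path.join(module.params["path"], module.params["name"])` deserves a follow-up: `os.path.join` discards `path` when `name` is absolute and does not normalise `..`, so the module can end up editing a file outside the PAM directory. Since this module rewrites authentication configuration, consider rejecting a `name` that contains a path separator.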


@ -1,4 +1,5 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2015, Hewlett-Packard Development Company, L.P. # Copyright: (c) 2015, Hewlett-Packard Development Company, L.P.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'], 'status': ['stableinterface'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: puppet module: puppet
short_description: Runs puppet short_description: Runs puppet
@ -21,65 +22,80 @@ options:
timeout: timeout:
description: description:
- How long to wait for I(puppet) to finish. - How long to wait for I(puppet) to finish.
type: str
default: 30m default: 30m
puppetmaster: puppetmaster:
description: description:
- The hostname of the puppetmaster to contact. - The hostname of the puppetmaster to contact.
type: str
modulepath: modulepath:
description: description:
- Path to an alternate location for puppet modules. - Path to an alternate location for puppet modules.
type: str
version_added: "2.4" version_added: "2.4"
manifest: manifest:
description: description:
- Path to the manifest file to run puppet apply on. - Path to the manifest file to run puppet apply on.
type: str
noop: noop:
description: description:
- Override puppet.conf noop mode. - Override puppet.conf noop mode.
- Undefined, use default or puppet.conf value if defined. - When C(yes), run Puppet agent with C(--noop) switch set.
- true, Run Puppet agent with C(--noop) switch set. - When C(no), run Puppet agent with C(--no-noop) switch set.
- false, Run Puppet agent with C(--no-noop) switch set. - When unset (default), use default or puppet.conf value if defined.
type: bool
version_added: "2.8" version_added: "2.8"
facts: facts:
description: description:
- A dict of values to pass in as persistent external facter facts. - A dict of values to pass in as persistent external facter facts.
type: dict
facter_basename: facter_basename:
description: description:
- Basename of the facter output file. - Basename of the facter output file.
type: str
default: ansible default: ansible
environment: environment:
description: description:
- Puppet environment to be used. - Puppet environment to be used.
type: str
logdest: logdest:
description: | description:
Where the puppet logs should go, if puppet apply is being used. C(all) - Where the puppet logs should go, if puppet apply is being used.
will go to both C(stdout) and C(syslog). - C(all) will go to both C(stdout) and C(syslog).
choices: [ stdout, syslog, all ] type: str
choices: [ all, stdout, syslog ]
default: stdout default: stdout
version_added: "2.1" version_added: "2.1"
certname: certname:
description: description:
- The name to use when handling certificates. - The name to use when handling certificates.
type: str
version_added: "2.1" version_added: "2.1"
tags: tags:
description: description:
- A comma-separated list of puppet tags to be used. - A list of puppet tags to be used.
type: list
version_added: "2.1" version_added: "2.1"
execute: execute:
description: description:
- Execute a specific piece of Puppet code. - Execute a specific piece of Puppet code.
- It has no effect with a puppetmaster. - It has no effect with a puppetmaster.
type: str
version_added: "2.1" version_added: "2.1"
summarize: summarize:
description: description:
- Whether to print a transaction summary - Whether to print a transaction summary.
type: bool
version_added: "2.7" version_added: "2.7"
verbose: verbose:
description: description:
- Print extra information - Print extra information.
type: bool
version_added: "2.7" version_added: "2.7"
debug: debug:
description: description:
- Enable full debugging - Enable full debugging.
type: bool
version_added: "2.7" version_added: "2.7"
requirements: requirements:
- puppet - puppet
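Review bot: The `tags` description drops "comma-separated" now that the option is `type: list`, but Ansible's list type still accepts a comma-separated string, and existing playbooks use the old `tags: update,nginx` form. Keep a sentence saying both forms are accepted so readers do not assume the string form broke.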
@ -87,7 +103,7 @@ author:
- Monty Taylor (@emonty) - Monty Taylor (@emonty)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Run puppet agent and fail if anything goes wrong - name: Run puppet agent and fail if anything goes wrong
puppet: puppet:
@ -109,11 +125,13 @@ EXAMPLES = '''
- name: Run puppet using a specific tags - name: Run puppet using a specific tags
puppet: puppet:
tags: update,nginx tags:
- update
- nginx
- name: Run puppet agent in noop mode - name: Run puppet agent in noop mode
puppet: puppet:
noop: true noop: yes
- name: Run a manifest with debug, log to both syslog and stdout, specify module path - name: Run a manifest with debug, log to both syslog and stdout, specify module path
puppet: puppet:
@ -160,9 +178,9 @@ def main():
modulepath=dict(type='str'), modulepath=dict(type='str'),
manifest=dict(type='str'), manifest=dict(type='str'),
noop=dict(required=False, type='bool'), noop=dict(required=False, type='bool'),
logdest=dict(type='str', default='stdout', choices=['stdout', logdest=dict(type='str', default='stdout', choices=['all',
'syslog', 'stdout',
'all']), 'syslog']),
# internal code to work with --diff, do not use # internal code to work with --diff, do not use
show_diff=dict(type='bool', default=False, aliases=['show-diff']), show_diff=dict(type='bool', default=False, aliases=['show-diff']),
facts=dict(type='dict'), facts=dict(type='dict'),
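Review bot: `noop=dict(required=False, type='bool')` keeps the redundant `required=False` that the rest of this PR removes. Make it `noop=dict(type='bool')` for consistency with the other entries in this spec.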
@ -179,7 +197,7 @@ def main():
mutually_exclusive=[ mutually_exclusive=[
('puppetmaster', 'manifest'), ('puppetmaster', 'manifest'),
('puppetmaster', 'manifest', 'execute'), ('puppetmaster', 'manifest', 'execute'),
('puppetmaster', 'modulepath') ('puppetmaster', 'modulepath'),
], ],
) )
p = module.params p = module.params


@ -1,6 +1,6 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
#
# Copyright: (c) 2015, Brian Coca <bcoca@ansible.com> # Copyright: (c) 2015, Brian Coca <bcoca@ansible.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -13,19 +13,20 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
# This is a modification of @bcoca's `svc` module # This is a modification of @bcoca's `svc` module
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: runit module: runit
author: author:
- James Sumners (@jsumners) - James Sumners (@jsumners)
version_added: "2.3" version_added: "2.3"
short_description: Manage runit services short_description: Manage runit services
description: description:
- Controls runit services on remote hosts using the sv utility. - Controls runit services on remote hosts using the sv utility.
options: options:
name: name:
description: description:
- Name of the service to manage. - Name of the service to manage.
type: str
required: yes required: yes
state: state:
description: description:
@ -35,6 +36,7 @@ options:
C(reloaded) will send a HUP (sv reload). C(reloaded) will send a HUP (sv reload).
C(once) will run a normally downed sv once (sv once), not really C(once) will run a normally downed sv once (sv once), not really
an idempotent operation. an idempotent operation.
type: str
choices: [ killed, once, reloaded, restarted, started, stopped ] choices: [ killed, once, reloaded, restarted, started, stopped ]
enabled: enabled:
description: description:
@ -43,14 +45,16 @@ options:
service_dir: service_dir:
description: description:
- directory runsv watches for services - directory runsv watches for services
type: str
default: /var/service default: /var/service
service_src: service_src:
description: description:
- directory where services are defined, the source of symlinks to service_dir. - directory where services are defined, the source of symlinks to service_dir.
type: str
default: /etc/sv default: /etc/sv
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Start sv dnscache, if not running - name: Start sv dnscache, if not running
runit: runit:
name: dnscache name: dnscache
@ -85,7 +89,6 @@ EXAMPLES = '''
import os import os
import re import re
import traceback
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native
@ -226,7 +229,7 @@ class Sv(object):
try: try:
(rc, out, err) = self.module.run_command(' '.join(cmd)) (rc, out, err) = self.module.run_command(' '.join(cmd))
except Exception as e: except Exception as e:
self.module.fail_json(msg="failed to execute: %s" % to_native(e), exception=traceback.format_exc()) self.module.fail_json(msg="failed to execute: %s" % to_native(e))
return (rc, out, err) return (rc, out, err)
def report(self): def report(self):
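Review bot: Dropping `exception=traceback.format_exc()` from this `fail_json` call (and from the one in `main()` further down) means a failure now reports only `to_native(e)`. If that is intentional, say so in the commit message, because it is a behaviour change rather than a validate-modules fix; otherwise keep the traceback and the `import traceback`. While this line is open, `run_command(' '.join(cmd))` hands over a joined string; passing the `cmd` list directly avoids quoting problems with service names and paths.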
@ -268,7 +271,7 @@ def main():
else: else:
sv.disable() sv.disable()
except (OSError, IOError) as e: except (OSError, IOError) as e:
module.fail_json(msg="Could not change service link: %s" % to_native(e), exception=traceback.format_exc()) module.fail_json(msg="Could not change service link: %s" % to_native(e))
if state is not None and state != sv.state: if state is not None and state != sv.state:
changed = True changed = True


@ -1,4 +1,5 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2016, Dag Wieers (@dagwieers) <dag@wieers.com> # Copyright: (c) 2016, Dag Wieers (@dagwieers) <dag@wieers.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -38,10 +39,12 @@ options:
- C(p) for named pipes, - C(p) for named pipes,
- C(s) for socket files. - C(s) for socket files.
type: str type: str
choices: [ a, b, c, d, f, l, p, s ]
default: a default: a
setype: setype:
description: description:
- SELinux type for the specified target. - SELinux type for the specified target.
type: str
required: yes required: yes
seuser: seuser:
description: description:
@ -63,12 +66,12 @@ options:
- Reload SELinux policy after commit. - Reload SELinux policy after commit.
- Note that this does not apply SELinux file contexts to existing files. - Note that this does not apply SELinux file contexts to existing files.
type: bool type: bool
default: 'yes' default: yes
ignore_selinux_state: ignore_selinux_state:
description: description:
- Useful for scenarios (chrooted environment) that you can't get the real SELinux state. - Useful for scenarios (chrooted environment) that you can't get the real SELinux state.
type: bool type: bool
default: false default: no
version_added: '2.8' version_added: '2.8'
notes: notes:
- The changes are persistent across reboots. - The changes are persistent across reboots.
@ -125,7 +128,7 @@ except ImportError:
# Add missing entries (backward compatible) # Add missing entries (backward compatible)
if HAVE_SEOBJECT: if HAVE_SEOBJECT:
seobject.file_types.update(dict( seobject.file_types.update(
a=seobject.SEMANAGE_FCONTEXT_ALL, a=seobject.SEMANAGE_FCONTEXT_ALL,
b=seobject.SEMANAGE_FCONTEXT_BLOCK, b=seobject.SEMANAGE_FCONTEXT_BLOCK,
c=seobject.SEMANAGE_FCONTEXT_CHAR, c=seobject.SEMANAGE_FCONTEXT_CHAR,
@ -134,7 +137,7 @@ if HAVE_SEOBJECT:
l=seobject.SEMANAGE_FCONTEXT_LINK, l=seobject.SEMANAGE_FCONTEXT_LINK,
p=seobject.SEMANAGE_FCONTEXT_PIPE, p=seobject.SEMANAGE_FCONTEXT_PIPE,
s=seobject.SEMANAGE_FCONTEXT_SOCK, s=seobject.SEMANAGE_FCONTEXT_SOCK,
)) )
# Make backward compatible # Make backward compatible
option_to_file_type_str = dict( option_to_file_type_str = dict(
@ -252,7 +255,7 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
ignore_selinux_state=dict(type='bool', default=False), ignore_selinux_state=dict(type='bool', default=False),
target=dict(required=True, aliases=['path']), target=dict(type='str', required=True, aliases=['path']),
ftype=dict(type='str', default='a', choices=option_to_file_type_str.keys()), ftype=dict(type='str', default='a', choices=option_to_file_type_str.keys()),
setype=dict(type='str', required=True), setype=dict(type='str', required=True),
seuser=dict(type='str'), seuser=dict(type='str'),
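Review bot: `ftype` takes its choices from `option_to_file_type_str.keys()`, while the documentation added earlier in this change hard-codes `[ a, b, c, d, f, l, p, s ]`, so the two can drift apart. Use `choices=list(option_to_file_type_str.keys())` or a literal list, which also gives the spec a plain list rather than a dict view on Python 3.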


@ -1,86 +1,85 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2012, Derek Carter<goozbach@friocorte.com> # Copyright: (c) 2012, Derek Carter<goozbach@friocorte.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = { ANSIBLE_METADATA = {
'metadata_version': '1.1', 'metadata_version': '1.1',
'status': ['stableinterface'], 'status': ['stableinterface'],
'supported_by': 'core' 'supported_by': 'core'
} }
DOCUMENTATION = r'''
DOCUMENTATION = '''
--- ---
module: selinux module: selinux
short_description: Change policy and state of SELinux short_description: Change policy and state of SELinux
description: description:
- Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required. - Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
version_added: "0.7" version_added: "0.7"
options: options:
policy: policy:
description: description:
- "name of the SELinux policy to use (example: C(targeted)) will be required if state is not C(disabled)" - The name of the SELinux policy to use (e.g. C(targeted)) will be required if state is not C(disabled).
state: state:
description: description:
- The SELinux mode - The SELinux mode.
required: true required: true
choices: [ "enforcing", "permissive", "disabled" ] choices: [ disabled, enforcing, permissive ]
conf: configfile:
description: description:
- path to the SELinux configuration file, if non-standard - The path to the SELinux configuration file, if non-standard.
default: "/etc/selinux/config" default: /etc/selinux/config
aliases: ['configfile', 'file'] aliases: [ conf, file ]
notes:
- Not tested on any debian based system
requirements: [ libselinux-python ] requirements: [ libselinux-python ]
author: "Derek Carter (@goozbach) <goozbach@friocorte.com>" author:
- Derek Carter (@goozbach) <goozbach@friocorte.com>
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Enable SELinux - name: Enable SELinux
- selinux: selinux:
policy: targeted policy: targeted
state: enforcing state: enforcing
# Put SELinux in permissive mode, logging actions that would be blocked. - name: Put SELinux in permissive mode, logging actions that would be blocked.
- selinux: selinux:
policy: targeted policy: targeted
state: permissive state: permissive
# Disable SELinux - name: Disable SELinux
- selinux: selinux:
state: disabled state: disabled
''' '''
RETURN = ''' RETURN = r'''
msg: msg:
description: Messages that describe changes that were made description: Messages that describe changes that were made.
returned: always returned: always
type: str type: str
sample: Config SELinux state changed from 'disabled' to 'permissive' sample: Config SELinux state changed from 'disabled' to 'permissive'
configfile: configfile:
description: Path to SELinux configuration file description: Path to SELinux configuration file.
returned: always returned: always
type: str type: str
sample: /etc/selinux/config sample: /etc/selinux/config
policy: policy:
description: Name of the SELinux policy description: Name of the SELinux policy.
returned: always returned: always
type: str type: str
sample: targeted sample: targeted
state: state:
description: SELinux mode description: SELinux mode.
returned: always returned: always
type: str type: str
sample: enforcing sample: enforcing
reboot_required: reboot_required:
description: Whether or not an reboot is required for the changes to take effect description: Whether or not an reboot is required for the changes to take effect.
returned: always returned: always
type: bool type: bool
sample: true sample: true
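Review bot: None of the three documented options (`policy`, `state`, `configfile`) gets a `type: str` line, although the argument spec in this same change adds `type='str'` to each and the other modules in this PR document their types. The `reboot_required` description also still reads "an reboot"; fix it to "a reboot" while adding the full stop.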
@ -171,11 +170,11 @@ def set_config_policy(module, policy, configfile):
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
policy=dict(required=False), policy=dict(type='str'),
state=dict(choices=['enforcing', 'permissive', 'disabled'], required=True), state=dict(type='str', required='True', choices=['enforcing', 'permissive', 'disabled']),
configfile=dict(aliases=['conf', 'file'], default='/etc/selinux/config') configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
), ),
supports_check_mode=True supports_check_mode=True,
) )
if not HAS_SELINUX: if not HAS_SELINUX:
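Review bot: `state=dict(type='str', required='True', ...)` passes the string `'True'` instead of the boolean. It only behaves as required because a non-empty string is truthy; use `required=True`.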
@ -210,7 +209,7 @@ def main():
# check to see if policy is set if state is not 'disabled' # check to see if policy is set if state is not 'disabled'
if state != 'disabled': if state != 'disabled':
if not policy: if not policy:
module.fail_json(msg='Policy is required if state is not \'disabled\'') module.fail_json(msg="Policy is required if state is not 'disabled'")
else: else:
if not policy: if not policy:
policy = config_policy policy = config_policy
@ -220,14 +219,14 @@ def main():
if module.check_mode: if module.check_mode:
module.exit_json(changed=True) module.exit_json(changed=True)
# cannot change runtime policy # cannot change runtime policy
msgs.append('Running SELinux policy changed from \'%s\' to \'%s\'' % (runtime_policy, policy)) msgs.append("Running SELinux policy changed from '%s' to '%s'" % (runtime_policy, policy))
changed = True changed = True
if policy != config_policy: if policy != config_policy:
if module.check_mode: if module.check_mode:
module.exit_json(changed=True) module.exit_json(changed=True)
set_config_policy(module, policy, configfile) set_config_policy(module, policy, configfile)
msgs.append('SELinux policy configuration in \'%s\' changed from \'%s\' to \'%s\'' % (configfile, config_policy, policy)) msgs.append("SELinux policy configuration in '%s' changed from '%s' to '%s'" % (configfile, config_policy, policy))
changed = True changed = True
if state != runtime_state: if state != runtime_state:
@ -237,7 +236,7 @@ def main():
# Temporarily set state to permissive # Temporarily set state to permissive
if not module.check_mode: if not module.check_mode:
set_state(module, 'permissive') set_state(module, 'permissive')
module.warn('SELinux state temporarily changed from \'%s\' to \'permissive\'. State change will take effect next reboot.' % (runtime_state)) module.warn("SELinux state temporarily changed from '%s' to 'permissive'. State change will take effect next reboot." % (runtime_state))
changed = True changed = True
else: else:
module.warn('SELinux state change will take effect next reboot') module.warn('SELinux state change will take effect next reboot')
@ -245,19 +244,19 @@ def main():
else: else:
if not module.check_mode: if not module.check_mode:
set_state(module, state) set_state(module, state)
msgs.append('SELinux state changed from \'%s\' to \'%s\'' % (runtime_state, state)) msgs.append("SELinux state changed from '%s' to '%s'" % (runtime_state, state))
# Only report changes if the file is changed. # Only report changes if the file is changed.
# This prevents the task from reporting changes every time the task is run. # This prevents the task from reporting changes every time the task is run.
changed = True changed = True
else: else:
module.warn("Reboot is required to set SELinux state to %s" % state) module.warn("Reboot is required to set SELinux state to '%s'" % state)
reboot_required = True reboot_required = True
if state != config_state: if state != config_state:
if not module.check_mode: if not module.check_mode:
set_config_state(module, state, configfile) set_config_state(module, state, configfile)
msgs.append('Config SELinux state changed from \'%s\' to \'%s\'' % (config_state, state)) msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
changed = True changed = True
module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required) module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)


@ -1,20 +1,18 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2015, Michael Scherer <misc@zarb.org> # Copyright: (c) 2015, Michael Scherer <misc@zarb.org>
# inspired by code of github.com/dandiker/ # inspired by code of github.com/dandiker/
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = r'''
DOCUMENTATION = '''
--- ---
module: selinux_permissive module: selinux_permissive
short_description: Change permissive domain in SELinux policy short_description: Change permissive domain in SELinux policy
@ -25,29 +23,34 @@ options:
domain: domain:
description: description:
- The domain that will be added or removed from the list of permissive domains. - The domain that will be added or removed from the list of permissive domains.
type: str
required: true required: true
default: ''
aliases: [ name ]
permissive: permissive:
description: description:
- Indicate if the domain should or should not be set as permissive. - Indicate if the domain should or should not be set as permissive.
required: true
type: bool type: bool
required: true
no_reload: no_reload:
description: description:
- Disable reloading of the SELinux policy after making change to a domain's permissive setting. - Disable reloading of the SELinux policy after making change to a domain's permissive setting.
- The default is C(no), which causes policy to be reloaded when a domain changes state. - The default is C(no), which causes policy to be reloaded when a domain changes state.
- Reloading the policy does not work on older versions of the C(policycoreutils-python) library, for example in EL 6." - Reloading the policy does not work on older versions of the C(policycoreutils-python) library, for example in EL 6."
type: bool type: bool
default: 'no' default: no
store: store:
description: description:
- "Name of the SELinux policy store to use." - Name of the SELinux policy store to use.
type: str
notes: notes:
- Requires a recent version of SELinux and C(policycoreutils-python) (EL 6 or newer). - Requires a recent version of SELinux and C(policycoreutils-python) (EL 6 or newer).
requirements: [ policycoreutils-python ] requirements: [ policycoreutils-python ]
author: Michael Scherer (@mscherer) <misc@zarb.org> author:
- Michael Scherer (@mscherer) <misc@zarb.org>
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Change the httpd_t domain to permissive - name: Change the httpd_t domain to permissive
selinux_permissive: selinux_permissive:
name: httpd_t name: httpd_t
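Review bot: `store` is documented with only `type: str`, but the argument spec in this change sets `store=dict(type='str', default='')`; add the default to the docs or drop it from the spec so they match. The `no_reload` description line ending `for example in EL 6."` also keeps a stray trailing double quote that should be removed.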
@ -71,12 +74,12 @@ from ansible.module_utils._text import to_native
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
domain=dict(aliases=['name'], required=True), domain=dict(type='str', required=True, aliases=['name']),
store=dict(required=False, default=''), store=dict(type='str', default=''),
permissive=dict(type='bool', required=True), permissive=dict(type='bool', required=True),
no_reload=dict(type='bool', required=False, default=False), no_reload=dict(type='bool', default=False),
), ),
supports_check_mode=True supports_check_mode=True,
) )
# global vars # global vars
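Review bot: store=dict(type='str', default='') declares an empty-string default, but the store option in the DOCUMENTATION hunk above only gains "type: str" and documents no default. Add default: '' to the docs, as the solaris_zone options in this same commit do, or drop the default from the spec if an unset value behaves the same way.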

View file

@ -1,4 +1,5 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2014, Dan Keder <dan.keder@gmail.com> # Copyright: (c) 2014, Dan Keder <dan.keder@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: seport module: seport
short_description: Manages SELinux network port type definitions short_description: Manages SELinux network port type definitions
@ -20,33 +21,37 @@ version_added: "2.0"
options: options:
ports: ports:
description: description:
- Ports or port ranges. Can be a list (since 2.6) or comma separated string. - Ports or port ranges.
- Can be a list (since 2.6) or comma separated string.
type: list
required: true required: true
proto: proto:
description: description:
- Protocol for the specified port. - Protocol for the specified port.
type: str
required: true required: true
choices: [ tcp, udp ] choices: [ tcp, udp ]
setype: setype:
description: description:
- SELinux type for the specified port. - SELinux type for the specified port.
type: str
required: true required: true
state: state:
description: description:
- Desired boolean value. - Desired boolean value.
required: true type: str
choices: [ absent, present ] choices: [ absent, present ]
default: present default: present
reload: reload:
description: description:
- Reload SELinux policy after commit. - Reload SELinux policy after commit.
type: bool type: bool
default: 'yes' default: yes
ignore_selinux_state: ignore_selinux_state:
description: description:
- Run independent of selinux runtime state - Run independent of selinux runtime state
type: bool type: bool
default: false default: no
version_added: '2.8' version_added: '2.8'
notes: notes:
- The changes are persistent across reboots. - The changes are persistent across reboots.
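Review bot: the state option still carries the description "Desired boolean value." while its choices are absent and present and it is now typed as str. Since the block is being touched anyway, replace the description with one that says what each choice does to the port type definition. The ignore_selinux_state description is also missing its closing period, unlike the other entries.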
@ -58,7 +63,7 @@ author:
- Dan Keder (@dankeder) - Dan Keder (@dankeder)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Allow Apache to listen on tcp port 8888 - name: Allow Apache to listen on tcp port 8888
seport: seport:
ports: 8888 ports: 8888
@ -258,7 +263,7 @@ def main():
ports=dict(type='list', required=True), ports=dict(type='list', required=True),
proto=dict(type='str', required=True, choices=['tcp', 'udp']), proto=dict(type='str', required=True, choices=['tcp', 'udp']),
setype=dict(type='str', required=True), setype=dict(type='str', required=True),
state=dict(type='str', required=True, choices=['absent', 'present']), state=dict(type='str', default='present', choices=['absent', 'present']),
reload=dict(type='bool', default=True), reload=dict(type='bool', default=True),
), ),
supports_check_mode=True, supports_check_mode=True,

View file

@ -72,8 +72,8 @@ options:
aliases: [ args ] aliases: [ args ]
use: use:
description: description:
- The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module. - The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module.
- Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found. - Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found.
type: str type: str
default: auto default: auto
version_added: 2.2 version_added: 2.2

View file

@ -1,6 +1,7 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2015, Paul Markham <pmarkham@netrefinery.com> # Copyright: (c) 2015, Paul Markham <pmarkham@netrefinery.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
@ -10,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: solaris_zone module: solaris_zone
short_description: Manage Solaris zones short_description: Manage Solaris zones
description: description:
- Create, start, stop and delete Solaris zones. This module doesn't currently allow - Create, start, stop and delete Solaris zones.
changing of options for a zone that's already been created. - This module does not currently allow changing of options for a zone that is already been created.
version_added: "2.0" version_added: "2.0"
author: author:
- Paul Markham (@pmarkham) - Paul Markham (@pmarkham)
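Review bot: the rewritten second description item reads "a zone that is already been created", which is a grammar error introduced by expanding the contraction "that's". It should be "a zone that has already been created".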
@ -35,50 +36,59 @@ options:
- C(configured), configure the ready so that it's to be attached. - C(configured), configure the ready so that it's to be attached.
- C(attached), attach a zone, but do not boot it. - C(attached), attach a zone, but do not boot it.
- C(detached), shutdown and detach a zone - C(detached), shutdown and detach a zone
type: str
choices: [ absent, attached, configured, detached, installed, present, running, started, stopped ] choices: [ absent, attached, configured, detached, installed, present, running, started, stopped ]
default: present default: present
required: true required: true
name: name:
description: description:
- Zone name. - Zone name.
type: str
required: true required: true
path: path:
description: description:
- The path where the zone will be created. This is required when the zone is created, but not - The path where the zone will be created. This is required when the zone is created, but not
used otherwise. used otherwise.
type: str
sparse: sparse:
description: description:
- Whether to create a sparse (C(true)) or whole root (C(false)) zone. - Whether to create a sparse (C(true)) or whole root (C(false)) zone.
type: bool type: bool
default: 'no' default: no
root_password: root_password:
description: description:
- The password hash for the root account. If not specified, the zone's root account - The password hash for the root account. If not specified, the zone's root account
will not have a password. will not have a password.
type: str
config: config:
description: description:
- 'The zonecfg configuration commands for this zone. See zonecfg(1M) for the valid options - 'The zonecfg configuration commands for this zone. See zonecfg(1M) for the valid options
and syntax. Typically this is a list of options separated by semi-colons or new lines, e.g. and syntax. Typically this is a list of options separated by semi-colons or new lines, e.g.
"set auto-boot=true;add net;set physical=bge0;set address=10.1.1.1;end"' "set auto-boot=true;add net;set physical=bge0;set address=10.1.1.1;end"'
default: empty string type: str
default: ''
create_options: create_options:
description: description:
- 'Extra options to the zonecfg(1M) create command.' - 'Extra options to the zonecfg(1M) create command.'
default: empty string type: str
default: ''
install_options: install_options:
description: description:
- 'Extra options to the zoneadm(1M) install command. To automate Solaris 11 zone creation, - 'Extra options to the zoneadm(1M) install command. To automate Solaris 11 zone creation,
use this to specify the profile XML file, e.g. install_options="-c sc_profile.xml"' use this to specify the profile XML file, e.g. install_options="-c sc_profile.xml"'
default: empty string type: str
default: ''
attach_options: attach_options:
description: description:
- 'Extra options to the zoneadm attach command. For example, this can be used to specify - 'Extra options to the zoneadm attach command. For example, this can be used to specify
whether a minimum or full update of packages is required and if any packages need to whether a minimum or full update of packages is required and if any packages need to
be deleted. For valid values, see zoneadm(1M)' be deleted. For valid values, see zoneadm(1M)'
default: empty string type: str
default: ''
timeout: timeout:
description: description:
- Timeout, in seconds, for zone to boot. - Timeout, in seconds, for zone to boot.
type: int
default: 600 default: 600
''' '''
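Review bot: the state option keeps both "default: present" and "required: true" in the context lines of this hunk, which contradict each other; an option with a default cannot be required. Remove "required: true" here, in line with the seport change in this commit that replaces required=True with default='present'. Separately, root_password takes a password hash; the argument_spec is not visible in this hunk, so please confirm it is marked no_log there.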

View file

@ -14,7 +14,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ufw module: ufw
short_description: Manage firewall with UFW short_description: Manage firewall with UFW
@ -36,20 +36,24 @@ options:
- C(disabled) unloads firewall and disables firewall on boot. - C(disabled) unloads firewall and disables firewall on boot.
- C(reloaded) reloads firewall. - C(reloaded) reloads firewall.
- C(reset) disables and resets firewall to installation defaults. - C(reset) disables and resets firewall to installation defaults.
type: str
choices: [ disabled, enabled, reloaded, reset ] choices: [ disabled, enabled, reloaded, reset ]
policy: default:
description: description:
- Change the default policy for incoming or outgoing traffic. - Change the default policy for incoming or outgoing traffic.
aliases: [ default ] type: str
choices: [ allow, deny, reject ] choices: [ allow, deny, reject ]
aliases: [ policy ]
direction: direction:
description: description:
- Select direction for a rule or default policy command. - Select direction for a rule or default policy command.
type: str
choices: [ in, incoming, out, outgoing, routed ] choices: [ in, incoming, out, outgoing, routed ]
logging: logging:
description: description:
- Toggles logging. Logged packets use the LOG_KERN syslog facility. - Toggles logging. Logged packets use the LOG_KERN syslog facility.
choices: [ on, off, low, medium, high, full ] type: str
choices: [ 'on', 'off', low, medium, high, full ]
insert: insert:
description: description:
- Insert the corresponding rule as rule number NUM. - Insert the corresponding rule as rule number NUM.
@ -72,18 +76,15 @@ options:
- C(last-ipv6) interprets the rule number relative to the index of the - C(last-ipv6) interprets the rule number relative to the index of the
last IPv6 rule, or relative to the position where the last IPv6 rule last IPv6 rule, or relative to the position where the last IPv6 rule
would be if there is currently none. would be if there is currently none.
choices: type: str
- zero choices: [ first-ipv4, first-ipv6, last-ipv4, last-ipv6, zero ]
- first-ipv4
- last-ipv4
- first-ipv6
- last-ipv6
default: zero default: zero
version_added: "2.8" version_added: "2.8"
rule: rule:
description: description:
- Add firewall rule - Add firewall rule
choices: ['allow', 'deny', 'limit', 'reject'] type: str
choices: [ allow, deny, limit, reject ]
log: log:
description: description:
- Log new connections matched to this rule - Log new connections matched to this rule
@ -91,27 +92,34 @@ options:
from_ip: from_ip:
description: description:
- Source IP address. - Source IP address.
aliases: [ from, src ] type: str
default: any default: any
aliases: [ from, src ]
from_port: from_port:
description: description:
- Source port. - Source port.
type: str
to_ip: to_ip:
description: description:
- Destination IP address. - Destination IP address.
aliases: [ dest, to] type: str
default: any default: any
aliases: [ dest, to]
to_port: to_port:
description: description:
- Destination port. - Destination port.
type: str
aliases: [ port ] aliases: [ port ]
proto: proto:
description: description:
- TCP/IP protocol. - TCP/IP protocol.
type: str
choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ] choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ]
aliases: [ protocol ]
name: name:
description: description:
- Use profile located in C(/etc/ufw/applications.d). - Use profile located in C(/etc/ufw/applications.d).
type: str
aliases: [ app ] aliases: [ app ]
delete: delete:
description: description:
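Review bot: the moved line "aliases: [ dest, to]" under to_ip keeps the missing space before the closing bracket, while every other flow list in this hunk uses the padded form, such as "aliases: [ from, src ]". Normalise it to [ dest, to ] while the line is being relocated. The proto option also gains "aliases: [ protocol ]" here; the argument_spec is outside the visible lines, so check that the alias exists there too.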
@ -120,6 +128,7 @@ options:
interface: interface:
description: description:
- Specify interface for rule. - Specify interface for rule.
type: str
aliases: [ if ] aliases: [ if ]
route: route:
description: description:
@ -128,10 +137,11 @@ options:
comment: comment:
description: description:
- Add a comment to the rule. Requires UFW version >=0.35. - Add a comment to the rule. Requires UFW version >=0.35.
type: str
version_added: "2.4" version_added: "2.4"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Allow everything and enable UFW - name: Allow everything and enable UFW
ufw: ufw:
state: enabled state: enabled

View file

@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'], 'status': ['stableinterface'],
'supported_by': 'core'} 'supported_by': 'core'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
module: user module: user
version_added: "0.2" version_added: "0.2"
short_description: Manage user accounts short_description: Manage user accounts
@ -38,7 +38,6 @@ options:
- macOS only, optionally hide the user from the login window and system preferences. - macOS only, optionally hide the user from the login window and system preferences.
- The default will be C(yes) if the I(system) option is used. - The default will be C(yes) if the I(system) option is used.
type: bool type: bool
required: false
version_added: "2.6" version_added: "2.6"
non_unique: non_unique:
description: description:
@ -163,8 +162,8 @@ options:
description: description:
- Optionally specify the SSH key filename. - Optionally specify the SSH key filename.
- If this is a relative filename then it will be relative to the user's home directory. - If this is a relative filename then it will be relative to the user's home directory.
- This parameter defaults to I(.ssh/id_rsa).
type: path type: path
default: .ssh/id_rsa
version_added: "0.9" version_added: "0.9"
ssh_key_comment: ssh_key_comment:
description: description:
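Review bot: moving the ssh_key_file default out of "default: .ssh/id_rsa" and into the sentence "This parameter defaults to I(.ssh/id_rsa)." makes the default prose-only, so it no longer appears in the generated default column. If the field has to go to keep validate-modules quiet, format the path as a value with C(.ssh/id_rsa); I() is the markup for option names.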
@ -259,7 +258,7 @@ author:
- Stephen Fromm (@sfromm) - Stephen Fromm (@sfromm)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Add the user 'johnd' with a specific uid and a primary group of 'admin' - name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
user: user:
name: johnd name: johnd
@ -300,7 +299,7 @@ EXAMPLES = '''
expires: -1 expires: -1
''' '''
RETURN = ''' RETURN = r'''
append: append:
description: Whether or not to append the user to groups description: Whether or not to append the user to groups
returned: When state is 'present' and the user exists returned: When state is 'present' and the user exists

View file

@ -1,15 +1,11 @@
#!/usr/bin/python #!/usr/bin/python
# # Copyright: (c) 2018, Red Hat, Inc.
# Copyright (c) 2018 Red Hat, Inc.
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = { ANSIBLE_METADATA = {
'metadata_version': '1.1', 'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
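Review bot: this header cleanup does not add the "# -*- coding: utf-8 -*-" line after the shebang, whereas the seport and solaris_zone headers in this same commit both gain it. Add it here as well so the module headers end up consistent.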
@ -214,6 +210,7 @@ options:
is only available when creating a new volume, and cannot is only available when creating a new volume, and cannot
be changed for an existing volume. be changed for an existing volume.
type: str type: str
choices: [ dense, sparse ]
ackthreads: ackthreads:
description: description:
- Specifies the number of threads to use for - Specifies the number of threads to use for

View file

@ -833,40 +833,15 @@ lib/ansible/modules/storage/zfs/zfs.py E322
lib/ansible/modules/storage/zfs/zfs.py E323 lib/ansible/modules/storage/zfs/zfs.py E323
lib/ansible/modules/storage/zfs/zfs_facts.py E323 lib/ansible/modules/storage/zfs/zfs_facts.py E323
lib/ansible/modules/storage/zfs/zpool_facts.py E323 lib/ansible/modules/storage/zfs/zpool_facts.py E323
lib/ansible/modules/system/aix_inittab.py E324
lib/ansible/modules/system/aix_inittab.py E326
lib/ansible/modules/system/capabilities.py E322
lib/ansible/modules/system/cron.py E324
lib/ansible/modules/system/cronvar.py E324
lib/ansible/modules/system/crypttab.py E324
lib/ansible/modules/system/debconf.py E326
lib/ansible/modules/system/firewalld.py E324
lib/ansible/modules/system/iptables.py E326
lib/ansible/modules/system/java_cert.py E324
lib/ansible/modules/system/known_hosts.py E324 lib/ansible/modules/system/known_hosts.py E324
lib/ansible/modules/system/make.py E317
lib/ansible/modules/system/mount.py E324
lib/ansible/modules/system/open_iscsi.py E322
lib/ansible/modules/system/osx_defaults.py E322
lib/ansible/modules/system/osx_defaults.py E324
lib/ansible/modules/system/pamd.py E324
lib/ansible/modules/system/pamd.py E326
lib/ansible/modules/system/puppet.py E322 lib/ansible/modules/system/puppet.py E322
lib/ansible/modules/system/runit.py E322 lib/ansible/modules/system/runit.py E322
lib/ansible/modules/system/runit.py E324 lib/ansible/modules/system/runit.py E324
lib/ansible/modules/system/sefcontext.py E326
lib/ansible/modules/system/selinux.py E324
lib/ansible/modules/system/selinux_permissive.py E322
lib/ansible/modules/system/seport.py E324
lib/ansible/modules/system/service.py E210 lib/ansible/modules/system/service.py E210
lib/ansible/modules/system/service.py E323 lib/ansible/modules/system/service.py E323
lib/ansible/modules/system/solaris_zone.py E324
lib/ansible/modules/system/ufw.py E322
lib/ansible/modules/system/ufw.py E326
lib/ansible/modules/system/user.py E210 lib/ansible/modules/system/user.py E210
lib/ansible/modules/system/user.py E324 lib/ansible/modules/system/user.py E324
lib/ansible/modules/system/user.py E327 lib/ansible/modules/system/user.py E327
lib/ansible/modules/system/vdo.py E326
lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py E326 lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py E326
lib/ansible/modules/web_infrastructure/ansible_tower/tower_group.py E324 lib/ansible/modules/web_infrastructure/ansible_tower/tower_group.py E324
lib/ansible/modules/web_infrastructure/ansible_tower/tower_job_launch.py E323 lib/ansible/modules/web_infrastructure/ansible_tower/tower_job_launch.py E323
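Review bot: several system entries stay in the ignore list after this hunk (known_hosts.py E324, puppet.py E322, runit.py E322 and E324, service.py E210 and E323, user.py E210, E324 and E327), and the commit message only says a few are "deliberately implemented like this" without naming them. List the remaining entries and the reason for each in the PR description, so a later cleanup does not try to fix them again. user.py E324 in particular remains even though this commit edits the documented default of ssh_key_file.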