* Add update parameter in junos_config module which supports
configuration action like merge, replace and overwrite.
* Add support for replace along with update
argument
Since we no longer use a post-validated task in _process_pending_results, we
need to be sure to template fields used in original_task as they are raw and
may contain variables.
This patch also moves the handler tracking to be per-uuid, not per-object.
Doing it per-object had implications for the above due to the fact that the
copy of the original task is now being used, so the only sure way is to track
based on the uuid instead.
Fixes#18289
If the plugin version expected is, say '1.20', then specifying it
as...
version: 1.20
... will make the YAML parser interpret it as a float, and the
value obtained by the module will be 1.2 instead of 1.20, which
will cause downloading of wrong version of the module.
This patch updates the docs so that users don't face this issue.
* Fix # #5839 Add 'update' parameter in junos_config module
Add update parameter in junos_config module which supports
configuration action like merge, replace and overwrite.
* Fix documentation issue
* Fix review comment to add replace argument
Make replace and update argument mutually
exclusive, to support replace for backward
compatibility.
Previously, packages were installed one at a time in a loop. This caused
a couple of problems.
First, it was a performance issue - pacman would have to perform all of
its checks once per package. This is unnecessarily costly, especially
when you're trying to install several related packages at the same time.
Second, if a package you're trying to install depends on a virtual
package that is provided by several different packages (such as the
"libgl" package on Arch) and you aren't also installing something that
provides that virtual package at the same time, pacman will produce an
interactive prompt to allow the user to select a relevant package. This
is obviously incompatible with how ansible operates. Yes, this problem
could be avoided by installing packages in a different order, but the
order of installation shouldn't matter, and there may be situations
where it is not possible to control the order of installation.
With this refactoring, all of the above problems are avoided. The code
will now work out all of the packages that need to be installed from any
configured repositories and any packages that need to be installed from
local files, and then install all the repository packages in one go and
then all of the local file packages in one go.
This is a redesign in how plugins call _remote_checksum().
- _remote_stat() has been modified to report the real error as
AnsiblError
- Action plugin **unarchive** calls _remote_stat() directly instead of
_remote_checksum()
- Action plugin **unarchive** also handles the exceptions directly
- Ensure get_exception() returns native text
Two other action plugins, **template** and **fetch**, also do a remote checksum.
In **template** we already call _remote_stat(), just like we now do for
unarchive, in **fetch** we do call _remote_checksum() and we make the
exact same mistake as the unarchive plugin. So that one could use a
redesign as well.
This fixes#19494
Before:
```
[dag@moria ansible.testing]$ ansible-playbook -v test137.yml
Using /home/dag/home-made/ansible.testing/ansible.cfg as config file
PLAY [localhost]
******************************************************************************************************
TASK [unarchive]
******************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg":
"python isn't present on the system. Unable to compute checksum"}
PLAY RECAP
******************************************************************************************************
localhost : ok=0 changed=0 unreachable=0
failed=1
```
After:
```
[dag@moria ansible.testing]$ ansible-playbook -v test137.yml
Using /home/dag/home-made/ansible.testing/ansible.cfg as config file
PLAY [localhost]
*************************************************************************************************************
TASK [unarchive]
*************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg":
"Failed to get information on remote file (/tmp/): sudo: unknown user:
foobar\nsudo: unable to initialize policy plugin\n"}
PLAY RECAP
*******************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0
failed=1
```
* Update system/user.py module.
Add ability to add real system users with next free system uid (< 500) on macOS.
* Improve syntax in system/user.py module.
Remove complex if else line and replace by simple comparison which yields the same boolean value.
* Remove "True" comparison of user.py.
Remove comparison to true, as it is not pep8 conform.
* Add new parameters to taskdefinition module - network_mode and task_role_arn
* Add version_added field for doco
* Change version_added parameter to 2.3
For devices that do not support mutliplexing, we cannot automatically
determine the network os. This removes the os guess static method
from the terminal plugin. For this devices, the network_os
value must be configured
It's possible to compress packages using several different compression
methods, or not compressed at all. Previously, the pacman module only
supported files compressed using xz. This update ensures that all
compression types currently supported by pacman are supported by the
ansible pacman module.
The list of supported compression methods at the time of writing can be
found here:
https://git.archlinux.org/pacman.git/tree/scripts/makepkg.sh.in#n747
This fix ensures that if there are specific module errors (in our case
the python interpreter was not found) then command and shell returns a
proper error.
It also fixes a few other imperfections that we noticed during
troubleshooting:
- Return the real RC if it were available
- Improve a dictionary evaluation using .get()
- Return an RC of -1 if it is unknown (instead of returning 0)
This fixes#18846
This fix ensures a proper error is shown when a group_vars files cannot
be parsed correctly. Without this patch you get:
```
[dag@moria ansible.testing]$ ansible-playbook test132.yml
ERROR! Unexpected Exception: dictionary update sequence element #0 has length 1; 2 is required
to see the full traceback, use -vvv
```
With this patch you get:
```
[dag@moria ansible.testing]$ ansible-playbook test132.yml
ERROR! Problem parsing file '/home/dag/home-made/ansible.testing/group_vars/test135': line 1, column 1
```
This fixes#18843
Sudoers is a great example to show how you can prevent shutting yourself
out. But SSHd is at least as important to avoid syntax errors causing a
lot of grieve. So I think it deserves a spot in this list :-)
Currently this function directs to the standard NetworkModule,
whose run_commands function takes no arguments (other than self).
This directs the call to the connection's cli method to run the command
directly on the device.
Connection plugin can define default action plugin to use by providing
action_handler instance variable. This will override the default
action plugin normal
* adds new error AnsibleModuleExit to handle module returns
* adds new action plugin network for attaching connection to network modules
* adds new shared module local to receive connection
* splits out function to update task_args with common updates
This commit provides a mechansim for running local modules that require
a connection object for interative commands tyically implemented for
network devices. It provides a way to locally import modules (post fork)
and run them using exception handling to exit.
* Fix bug #5328 apache module loading
Currently, the apache2_module module parses apache configs
for correctness when enabling or disabling apache2 modules.
This behavior introduced a conflict condition when transitioning
between mpm modules, such as mpm_worker and mpm_event.
This change accounts for the specific error condition raised
by ``apachectl -M``:
``AH00534: apache2: Configuration error: No MPM loaded.``
When loading or unloading a module with a name that contains 'mpm_',
apache2_module will ignore the error raised by apachectl if stderr
contains 'AH00534'.
Fixes#5328
* Add AH00534 warning
* Added changes from PR #5629
* Modified ignore_configcheck behavior
* Code smell test for iteritems and itervalues
* Change the keydict object in authorized_keys so it doesn't throw a false postive
keydict is a bad data structure anyway. We don't use the iteritems and
itervalues methods so just disable them so that the code-smell tests do
not trigger on it.
* Change release templates so they work with py3
The process to poll for data in the stdout and/or stderr pipes during a
low-level command execution was repetitive. Factoring this out into a
function DRYs out the code.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
For the comparisions that need to be done, this map call needs
to convert to a list because the six import in ansible changes
the behavior of map to return an iterator instead of a list
* Fix UnboundLocalError remote_head in git
Fixes#5505
The use of remote_head was a leftover of #4562.
remote_head is not necessary, since the repo is unchanged anyway and
after is set correctly.
Further changes:
* Set changed=True and msg once local_mods are detected and reset.
* Remove need_fetch that is always True (due to previous if) to improve
clarity
* Don't exit early for local_mods but run submodules update and
switch_version
* Add test for git with local modifications
Depending on the OpenStack installation it may be quicker to create a volume from an existing volume (copy-on-write) compared to from a snapshot (allocating a completely new volume).
This adds a new `volume_src` parameter to the `os_module` which accepts a volume id or name.
* Enable tests on python 3 for uri
* Added one more node type to SAFE_NODES into safe_eval module.
ast.USub represents unary operators. This is necessary for
parsing some unusual but still valid JSON files during testing
with Python 3.
* Rebase of https://github.com/ansible/ansible-modules-extras/pull/708
708 was full of extraneous merge commits interwoven with commits to
implement the feature. In the end the only way I could clean this up
in reasonable time was to just take a regular diff between the PR and
the base. This lost the history of intermediate commits but I've
preserved attribution to @dayton967 via git's --author field.
Although I preserved the logic of the PR, there were a few additional
things that I cleaned up:
* Fixed import of email.mime.multipart
* Used the argspec to set port and timeout to integers instead of having
ad hoc code inside of the module.
* Used argspec's choices for secure instead of ad hoc code inside of the
module.
* Removed some unused variables
* Made secure_state a python boolean instead of using 0 and 1
* Used secure with string comparisons instead of turning it into an
integer code. This is much more readable.
* Fixed catching of SMTPExceptions (SMTPException wasn't imported
directly so it needed to use the smtplib namespace.)
* Fix synchronize retries
The synchronize module munges its task args on every invocation of
run(). This was problematic because the munged data was not fit for use
by a second pass of the synchronize module. Correct this by using a copy
of the task args on every invocation of run() so that the original args
are not affected.
Local testing using this playbook seems to confirm that things work as
expected:
- hosts: all
tasks:
- delay: 2
register: task_result
retries: 1
until: task_result.rc == 0
synchronize:
dest: /tmp/out
mode: pull
src: /tmp/nonexistent/
fixes#18281
* Update synchroncization fixture assertions
When we started operating on a copy of the task args the test assertions
were no longer asserting things about the munged state but of the
pristine state. Convert the copy of task args to a class member so that
it can be compared against later in testing and update the assertions to
check this munged copy.
* Shuffle objects around for cleaner testing
Attach the temporary args dict to the task rather than the action as
this makes updating the existing tests cleaner.
The overwrite parameter is forcibly set to false, meaning a module
passing that parameter will have no effect. The overwrite facility
is necessary to ensure that conflicting options can be written the
configuration (which, in replace mode, they cannot).
This change ensures that if overwrite is set, it will not be changed
to False in the logic.
* Fixes#18663. Bad handling of existing config in dellos9 module.
The dellos9 module doesn't build correctly the internal
structures used to represent the existing config of the managed
network device. This leads to apply changes every time the
playbook is run, even if the existing config is the same that the
one you are trying to push into the device.
Probably this problem exist also in the dellos6 and dellos10
modules, but I only fixed it in the dellos9 module.
The fix modifies two methods. The first one is `get_config`,
where the return clause didn't work correctly when the flow
doesn't enter in the `if` block. In that case the `contents`
variable is not an array an this should be handled.
The second fix is in the `get_sublevel_config` method. In this
case the indentation whitespaces of the parents should be rebuild
because further functions and methods required it to handle
correctly comparisons used to check if changes should be pushed
into device.
* Fixes#18663 for dellos10 module with the same patches as dellos9.
mkstemp() returns a tuple containing an OS-level handle to an open file
(as would be returned by os.open()) and the absolute pathname of that
file, in that order.
This patch makes sure that the fd opened by tempfile.mkstemp() is
re-used and closed properly.
* added alpha version of the 'sorcery' module
* fully conforming YAML
* use bundled check for executables
* - codex_list(): use commands instead of checksums to get sorcery version and verify codex equality - renamed: - manage_depends() -> match_depends() - tocast -> cast_queue, todispel -> dispel_queue, needs_recast -> depends_ok - SORCERY_LOG -> SORCERY_LOG_DIR, SORCERY_STATE -> SORCERY_STATE_DIR - removed: - SORCERY_VERSION_FILE - CODEX - added commentary to match_depends() and manage_spells() - fixed bug about dropped dependency line for previously existed dependency - fixed bug about not fixing depends for the 'latest' state - simplified several code constructions
* cleaned up some docs
* do not use separate message for Codex update, rely on the 'changed' status instead
* use built-in list conversion (_check_type_list()) for spells
* corrected spell name extraction from list in match_depends()
* avoid non-matching dependencies line duplication in depends file
* added more complex playbook example
* tiny stylistic fix for docs
* replaced ternary construction with a regular statement
* replaced yet another ternary construction with a regular statement
* enable Python 2.4 compatibility by splitting try-finally block
* enable Python 2.4 compatibility by replacing 'with' statement with try-except+try-finally blocks
* unify spells' assign
* replaced one regex with startswith()
* go Ansible 2.1
* added dummy RETURN template
* go Ansible 2.2
* better clarify permissions' requirements
* - updated copyright years - fixed rebuild command bug - re-used run_command_environ_update dict for env var management
* handle Python 3.5
* Revert "handle Python 3.5"
This reverts commit 33a5a0eb64c1193318298e111f063cdd5f93b73a.
* handle Python 3.5 (2nd try)
* go Ansible 2.3
* clarity++
* For realz this time
* Fix tempfile.mkstemp (#2)
* back to square one, removing temp file from the mix
* Adding temp back
* Adding tuple back
* Adding another tuple back
* Trying to get around weird Jenkins behavior of blowing up when both .hpi and jpi file found
* Incorporating PR feedback
* Delete .hpi file instead of backing it up, some basic clean up
* Moving file deletion to the right location
* Blank lines. They always get me.
* Allow re-using an existing template when updating a stack by not passing 'template' or 'template_url'. This is a big one for me as our deploy process creates a new stack and then modifies the old one; to avoid changing the resources inside the old one, we have had to avoid using the Ansible module and use the AWS CLI instead in order to pass `--use-previous-template`.
* Split create and update logic into separate functions
* Remove dead `update` variable
PR move of https://github.com/ansible/ansible-modules-core/pull/3588
##### ISSUE TYPE
- Docs Pull Request
##### COMPONENT NAME
ec2_group.py
##### ANSIBLE VERSION
```
ansible 2.0.2.0
config file = /Users/tpai/src/cm-secure/ansible.cfg
configured module search path = Default w/o overrides
```
##### SUMMARY
Make it clear you can specify the created group in the rules list, allowing idempotent use for group<->group networking rules.
This is a really useful feature that isn't obvious enough in the docs.
Fixes unnecessary VM restart.
VM userdata is currently not returned by the API listVirtualMachine and task will always be marked as changed in has_changed(), which will result in an unnecessary VM restart if force=true.
Reported by @Mayeu
The vmid is no longer a required parameter
For the 'present' state:
If not set, the next available one will be fetched from the API
For the 'started', 'stopped', 'restarted' and 'absent' states:
If not set, the module will try to fetch it from the API based on the hostname
Inspired from the behavior of the proxmox_kvm module
Creation of a maintenance window returns a 201 (PagerDuty Developer documentation is unfortunately incorrect). Deleting a maintenance window returns a 204.
This whole module is really lacking in security guidelines, but
downloading RPMs via plain `http://` without gpg is quite bad. Let's
use `https://` for the EPEL examples for a start.
This change makes os_stack module idempotent. Otherwise, re-use of the
module fails with:
Error updating stack: ERROR: The Parameter (...) was not provided.
Fixes#3165.
* Moved JSON-RPC client IPAClient class to ansible.module_utils.ipa, which is extended by all ipa modules
* ipa_user: incorporate displayname and userpassword attributes in module_user
* ipa_user: capitalized "I" in comment
* ipa_user: updated get_ssh_key_fingerprint to include possibility of the uploaded SSH key including user@hostname comment, which also appears in the queried fingerprint. This fixes a mismatch in the calculated and queried SSH key fingerprint in the user_diff calculation when the user already exists.
* ipa_hbacrule: ipaenabledflag must be 'TRUE' or 'FALSE', not 'NO'
* ipa_sudorule: ipaenabledflag must be 'TRUE' or 'FALSE', not 'NO'
* Add author to files missing it
* Fix kibana
* More native YAML
* More native YAML
* More native YAML
* More native YAML. Now only languages/ is missing
* Use native yaml sintax for packaging/languages as well
* Some more and quote fixes
* Fix wrong grouping
The policycoreutils python API for RHEL6 and RHEL7 are sufficiently
different, requiring some additional definitions and specific conversion
that works on old and new implementations.
It also implements a fix for non-ascii error messages (like when using a
French locale configuration).
This fixes#3551.
* Added new option to select the active a10 partition
* added version_added to the description of the new option
* added RETURN documentation
* fixed indents
* Removed empty cases, removed unneeded aliases
* removed artifacts from merging
* updated version_added to 2.3
* removed host, username and password option
* removed write_config and validate_certs documentation
* add a10_server_axapi3 module
* added return documentation
* modified a10_server_axapi3.py per feedback
* fixed line 60 s/action/operation/
* modified a10_server_axapi3.py per feedback
* modified a10_server_axapi3.py per feedback
* corrected YAML format error in documentation
* removed slp_server_ip and slp_server check in code since the arguments are labeled as required, per feedback
* modified: a10_server.py
modified: a10_service_group.py
modified: a10_virtual_server.py
Changed main() block, restricted import to only functions used.
* removed space for main() to be last line
* removed invalid lines
* Modified Documentations for a10_server.py, a10_service_group.py, a10_virtual_server.py
* Take out alias:[] and choices:[] in Documentation from a10_service_group.py and a10_virtual_server.py since they are now the default
* deleted a10_server.py, a10_service_group.py, a10_virtual_server.py
* deleted 'version_last_modified' line in Documentation across a10_server.py, a10_service_group.py and a10_virtual_server.py as they were added in error, change validate_certs version_added in a10_server.py
* added newline after main()
* added newline after main() for a10_server_axapi3.py
* Create `serverless` module for handling deploys on the Serverless Framework
* fix interpreter line
* Successfully exit when a stage is already absent
Both the `homebrew` and `homebrew_cask` modules iterate over
dictionaries using `iteritems`. This is a Python 2-specific method whose
behavior is similar to `items` in Python 3+. The `iteritems` function in
the six library was designed to make it possible to use the correct
method.
Traceback:
Traceback (most recent call last):
File \"/tmp/ansible_d28_6uwl/ansible_module_make.py\", line 153, in <module>
main()
File \"/tmp/ansible_d28_6uwl/ansible_module_make.py\", line 119, in main
rc, out, err = run_command(base_command + ['--question'], module, check_rc=False)
File \"/tmp/ansible_d28_6uwl/ansible_module_make.py\", line 79, in run_command
return rc, sanitize_output(out), sanitize_output(err)
File \"/tmp/ansible_d28_6uwl/ansible_module_make.py\", line 95, in sanitize_output
return output.rstrip(b(\"\\r\\n\"))
TypeError: rstrip arg must be None or str
There is also a six.iteritems issue, fixed using six.
* gluster_volume: Fixes issue when creating a new volume failing due to peers not being present. The peers which are not 'localhost' should invoke wait_for_peer, but the find method returns -1 (not 0) on non-localhost peers.
By default, sparse option is true in ovirt. So the raw disk
creation in a block storage domain will fail with error "Disk
configuration (RAW Sparse) is incompatible with the storage domain
type".
The commit adds sparse option where it is send as False when
format is raw and True when format is qcow2
* New module proxmox_kvm
* fixed qxl value vor vga param
> | Name | Type | Format | Description |
> |------|------|--------|-------------|
> | vga | enum | std \| cirrus \| vmware \| qxl \| serial0 \| serial1 \| serial2 \| serial3 \| qxl2 \| qxl3 \| qxl4 | Select the VGA type. If you want to use high resolution modes (>= 1280x1024x16) then you should use the options 'std' or 'vmware'. Default is 'std' for win8/win7/w2k8, and 'cirrus' for other OS types. The 'qxl' option enables the SPICE display sever. For win* OS you can select how many independent displays you want, Linux guests can add displays them self. You can also run without any graphic card, using a serial device as terminal. |
* Fix create_vm() fail on PV 4.3
* Set default for force as null in doc
* proxmox_kvm: revision fixes
* proxmox_kvm: more revision fixes
* Fix indentation
* revision fixes
* Ensure PEP-3110: Catching Exceptions
* KeyError, to KeyError as -- PEP-3110: Catching Exceptions
* Fix Yaml document syntax; Notes: => Notes -
* Refix documentation issue
* Fix Documentation
* Remove Notes: in description
* Add current state and it return value
* Update documentation
* fixed local variable 'results' referenced before assignment
* Fix fixed local variable 'results' referenced before assignment
* minor fixes in error messages
* merge upstream/devel int devel
* minor fixes in error messages
* Fix indentation and documentation
* Update validate_certs description
* translate() has a different api for text vs byte strings
* maketrans must be imported from a different location on py2 vs py3
Since this is such a small string outside of a loop we don't have to
worry too much about speed so it's better to have a single piece of code
that works on both py2 and py3
Fixes#3249
The python-consul library already supports this, so it is just a simple
case of enablement.
This does not break the current logic in `add` of parsing as a check,
then parsing as a service if that fails… because service_name is
mandatory on a service registration and is invalid on a check
registration.
* ipa_group: Fix: 'list' object has no attribute 'get'
* ipa_hbacrule: Fix: 'list' object has no attribute 'get'
* ipa_host: Fix: 'list' object has no attribute 'get'
* ipa_hostgroup: Fix: 'list' object has no attribute 'get'
* ipa_role: Fix: 'list' object has no attribute 'get'
* ipa_sudocmd: Fix: 'list' object has no attribute 'get'
* ipa_sudocmdgroup: Fix: 'list' object has no attribute 'get'
* ipa_sudorule: Fix: 'list' object has no attribute 'get'
* ipa_user: Fix: 'list' object has no attribute 'get'
* ipa_sudorule: Fix: invalid 'cn': Only one value is allowed
* ipa_hostgroup: module returns changed if assigned hosts or hostgroups are not in lowercase
* extra detail on which step triggered 'change', detect and handle powershell mishandling nssm's unicode as utf8
* Simpler handling of nssm output encoding
Thanks @nitzmahone for a cleaner way to control PowerShell's behavior
While I still have no idea why or how the `map` call is being swapped out while still running in python 2.7, this change will fix the following error, as well as improve py3 compatibility.
* Add FreeIPA modules
* Update version_added from 2.2 to 2.3
* ipa_*: Use Python 2.4 syntax to concatenate strings
* ipa_*: Replace 'except Exception as e' with 'e = get_exception()'
* ipa_*: import simplejson if json can't be imported
* ipa_hbacrule: Fix: 'SyntaxError' on Python 2.4
* ipa_sudorule: Fix: 'SyntaxError' on Python 2.4
* ipa_*: Fix 'SyntaxError' on Python 2.4
* ipa_*: Import get_exception from ansible.module_utils.pycompat24
* Add FreeIPA modules
* Update version_added from 2.2 to 2.3
* ipa_*: Fix 'SyntaxError' on Python 2.4
* ipa_*: Replace Python requests by ansible.module_utils.url
* ipa_*: Replace Python requests by ansible.module_utils.url
* ipa_*: Add option validate_certs
* ipa_*: Remove requests from Ansible module documentation requirements
* ipa_sudorule: Remove unnecessary empty line
* ipa_sudorule: Remove markdown code from example
* ipa_group: Add choices of state option
* ipa_host: Rename options nshostlocation to ns_host_location, nshardwareplatform to ns_hardware_platform, nsosversion to ns_os_version, macaddress to mac_address and usercertificate to user_certificate and add aliases to be backward compatible
* Return actual queue attributes with result
Previously this was only returning the desired queue attributes, and not even returning the QueueARN for use elsewhere. Now it will return "results.attributes" that is retrieved with boto's get_queue_attributes().
* update return structure to reflect current SQS config; add documentation of return values
* Remove redundancy from if/else statement
Added support to explicitly manage task definitions be revision. If the
revision expectations of the ansible task cannot be met, an error is
thrown.
If revision is not explicitly specified, enhanced module to be
idempotent with respect to task definitions. It will search for an
active revision of the task definition that matches the containers and
volumes specified. If none can be found, a new revision will be created.
Currently <active> tag is passed within the disk element which is
incorrect. As a result, disk will remain inactive even though the
default option is true.
In Zabbix, the visible name defaults to the hostname. This is not very
useful if you try to manage vmware VMs as the so called host_name within
zabbix must be set to the vcenter UUID.
This patch allows you to provide an alias which will be shown with
zabbix. If its not supplied it will default to host_name.
* Adding support for proxysql
* Moved and restricted imports, updated exception handling
* Updated version_added, and mysqldb_found constant name
* Removed unnecessary parentheses
In dnf, environment groups are separate from groups. Need to handle
them separately when calling the API.
Fixes#2178
After upstream review, hande dnf-2.0 mandatory packages in groups
If mandatory packages in a group are not installed, a group will report
failure. Fix this by catching the error and reporting after trying
to install the other packages and groups in the transaction.
* dnf: fix compatibility with DNF 2.0
* Reimplement (copy) old dnf.cli.commands.parse_spec_group_file(),
upstream uses argparse since 2.0.
* add_remote_rpm() has been changed to the add_remote_rpms()
Closes: https://github.com/ansible/ansible-modules-extras/issues/3310
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
* fixup! dnf: fix compatibility with DNF 2.0
This module aims to allow a user to manage the lifecycle of OpenSSL
private keys. Internally it relies on the pyOpenSSL python library
to interact with openssl.
A user is able to specify :
* key size (via `size` parameter)
* key algorithm (via `type` parameter)
* key location (via `path` parameter)
The most simple use case is:
```
- name: Generate ansible.com.pem SSL private key
openssl_privatekey: name=ansible.com.pem
path=/etc/ssl/private
```
A user can speficy more settings:
```
- name: Generate ansible.com.pem SSL private key
openssl_privatekey: name=ansible.com.pem
path=/etc/ssl/private
size=2048
type=DSA
```
A user can also force the regeneration of an SSL key:
```
- name: Generate ansible.com.pem SSL private key
openssl_privatekey: name=ansible.com.pem
path=/etc/ssl/private
force=true
```
* Changed default deployment mode to match with azure -cli behaviour. "Complete" mode by default is too dangerous.
* Set incremental as default behaviour for deployment mode.
This commit adds module settings for configuring TLS encyption on the
mqtt notification module. Previously there was no way to configure
sending the messages encrpyted to mqtt.
* Add initial support for using a cluster instead of an esxi hostname
* FindByInventoryPath doesn't always work, so implement a fallback method to match the path
Traceback (most recent call last):
File \"/tmp/ansible_ueg52c0b/ansible_module_blockinfile.py\", line 319, in <module>
main()
File \"/tmp/ansible_ueg52c0b/ansible_module_blockinfile.py\", line 259, in main
if line.startswith(marker0):
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
Also clean imports while on it.
When using the `make:` extras module, often the action taken
by the Make target is large. It is useful, therefore, to see
the output that `make` had to std{out,err} during execution
even when the target did not fail.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Fail with:
Traceback (most recent call last):
File \"/tmp/ansible_2rsl4fg1/ansible_module_pkgng.py\", line 353, in <module>
main()
File \"/tmp/ansible_2rsl4fg1/ansible_module_pkgng.py\", line 330, in main
_changed, _msg = install_packages(module, pkgng_path, pkgs, p[\"cached\"], p[\"pkgsite\"], dir_arg)
File \"/tmp/ansible_2rsl4fg1/ansible_module_pkgng.py\", line 161, in install_packages
old_pkgng = pkgng_older_than(module, pkgng_path, [1, 1, 4])
File \"/tmp/ansible_2rsl4fg1/ansible_module_pkgng.py\", line 121, in pkgng_older_than
while compare_version[i] == version[i]:
TypeError: 'map' object is not subscriptable
Fix an issue with _nic_to_public_ips_instance() function. There was an assumption in the code that the Public IP sits in the same resource group, this isn't always the case.
ansible-validate-modules is now in ansible/ansible
During 2.3 we will be merge the modules into ansible/ansible so this file will go away.
The new testing documentation will refer to `ansible-test` which will wrap up the unit, integration, and ansible-validate-modules. So no need to document here.
* openbsd_pkg: Use correct part of name in match.
Previously this part of the code could assume that the name was a stem
with nothing else attached (like "autoconf"). With the introduction of the
branch syntax ("autoconf%2.13") this is no longer true.
Check if the package name was identified as using a "branch" style name,
and base the match on the leading part of the name if that is the case.
While here remove unnecessary "pass" and tidy up debug log message.
Problem reported by @jasperla.
* openbsd_pkg: Add missing "." in comment.
Fix mongodb_user.py version detection logic for mongo srv 2.6 and mongo driver 2.7. The wrong variable was used for detecting the mongo driver version. This fix resolves the error "(Note: you must use pymongo 2.7+ with MongoDB 2.6.. 2.6.11)" no matter what version of pymongo you had installed for mongodb 2.6.
When archiving multiple files, the full length of the calculated
`arcroot` would be removed from the beginning of all file names. If
there was no arcroot, the first two characters of all files would be
removed, so `file.txt` would become `le.txt`.
This patch uses the regular expressions substitution anchored to the
start of the string, so the arcroot is only removed if it is actually
present.
* Fix error in crypttab doc
* Use path type for file argument
This permit to make sure that $HOME and '~' are properly
expanded, even if in the case of crypttab, this might not make
a lot of sense
* PanOS module that allows admin password change.
* fixed a typo
* empty __init__.py
* added require ansible Python extension .py
* added version string
* added return docstring
* changed version to 2.2
* - changes to the format and module as requested by @privateip
* changed version back to 2.2 as 2.3 was failing automated tests
* Revert "changed version back to 2.2 as 2.3 was failing automated tests"
reverting version info
This reverts commit 71d520f3b4b69eb017c2b9f287a74cb77fae9d1c.
The modules listed in this PR were using YAML that resulted in
blockquote tages being inserted into the generated RestructedText.
This PR fixes that so that the documentation once again looks correct
The returns are actually nested under `configuration` keys, so the docs
need to reflect that. Also add the automatic return of the function
version, so it can be used to feed the `lambda_alias` module.
The fix allows the asa_config module to request the config to contain
all default statements or password information necessary for vpn
tunnel endpoints
This argument had a couple of issues with it. First, as it was
being interpreted in the code, it did not check for idempotency.
Second, the model of having the parameters be "all_*" is going to
hinder the ability to "undo", so-to-speak, what the user did while
maintaining legibility.
Consider if the user specified "all_enabled_vlans='net1'" and then
decided they wanted to backout of this decision. What is the proper
argument to fulfill this wish? "all_enabled_vlans='...?'
This patch changes the all_enabled_vlans argument to be "enabled_vlans",
ensures that idempotency works, and also provides for a way to "undo" a
change to the enabled VLANs by allowing the user to specify the special
case VLAN named "ALL" (all capitals).
This makes the parameter more intuitive because the users will specify
which vlans they want to make the virtual available on
* enabled_vlans="net1"
but also allows them to "undo" what they did by setting it back with
the case of all
* enabled_vlans="ALL"
* elasticsearch_plugin: rewrite module to not use unsupported parameters (#1785)
Avoid using parameters when they are not needed (#1785)
* elasticsearch_plugin: add version only during plugin installation and parse plugin name for its removal
* elasticsearch_plugin: join command args before running it
We were incorrectly making VLANS always be untagged when they could
be either tagged or untagged. This change corrects the arguments to
the vlan module to allow for specifying either untagged or tagged
interfaces. The arguments are mutually exclusive
The code for traffic groups was not being tested and therefore
had errors associated with it. It is now covered in coverage tests
and bugs that were found in it have been fixed.
See this issue for details
https://github.com/F5Networks/f5-ansible/issues/28
In the six package, the map() function returns an iterator instead
of a list. This code was continuing to use the map() return value
as if it were a list and this broke the address_class facts.
This patch changes the code to use the list() method on the return
value of map().
Using values caused problems while creating an integration playbook as it is a reserved word. Seeing as this module is not yet released, it's prudent to make this change now. 'record_data' is more descriptive and uses the _data convention that we've established for instances.
No functionality in the module has changed.
* Add oVirt module to manage VMs
This patch add oVirt module to manage Virtual Machines
* Add oVirt module to manage authentication
This patch add oVirt module to manage authentication
* Add oVirt module to manage disks
* Added VM state management and fixups
* Modification of describe_gateways key so that it is consistent with what create_gateway returns.
Also added AnsibleModule spec to require bgp_ip on state=present as defined in the doc
* Don't remove CustomerGateways key to preserve backward compatibility
The 'short_description' in netapp_e_lun_mapping was a
list instead of txt.
This fixes errors on 'ansible-doc -l' of form:
ERROR! module netapp_e_lun_mapping has a documentation
error formatting or is missing documentation
Fixes: #17634 (ansible/ansible)
When using `use_max` or `use_min` in `pam_limits`, the new value is an integer compared with the actual_value which is a string, so they are always different and the module reports a changed but none occurred.
The modules prefixed with netapp_e* are built to support the
SANtricity storage platform.
The modules provide idempotent provisioning for volume groups, disk
pools, standard volumes, thin volumes, LUN mapping, hosts, host groups
(clusters), volume snapshots, consistency groups, and asynchronous
mirroring.
They require the SANtricity WebServices Proxy.
The WebServices Proxy is free software available at
the NetApp Software Download site:
http://mysupport.netapp.com/NOW/download/software/eseries_webservices/1.40.X000.0009/
Starting with the E2800 platform (11.30 OS), the modules will work
directly with the storage array. Starting with this platform, REST API
requests are handled directly on the box. This array can still be
managed by proxy for large scale deployments.
* letsencrypt: improve error handling
Use the new "body" field of the info dict in case of a HTTPError.
* letsencrypt: HTTP 202 is a valid status while polling
The domains method was not defined, and therefore when specifying
a parent domain during route domain creation, the process would
fail.
Tests have been added to detect this going forward
* Fix bug in processing of null return
* Fix multi-dc folder location by enhancing the foldermap and using it to search
* Remove unused functions
* Refactor finding vm by folder
Fixes#2900
* Use common file arguments on destination file
* Rename 'compression' to 'format' h/t @abadger
* Add support for plain 'tar' format
* Ensure check_mode is respected
* clean up functions and remove unneeded code
* config difference now includes keyword argument
* module reports changed when save argument is yes with or without check_mode
* updated fail_json return with exc kwargs
* fixed up import statements
* fixes issues with import error
* removes need for filter attribute in Cli instance
* now filters config either from device or provided via config argument
ref: #2890
Jenkins stores the information about the state (disabled/enabled) in the config, which result in a race condition between `config` and `enabled` and we loose idempotency. It makes sense to define them mutually exclusive.
Renamed `enable` to `enabled`. Ansible uses the name `enabled` in many modules, e.g. service as it indicates a state not an action.
Ensure the HAVE_FIREWALLD checks check only for the
presence of the python dependencies, and not the age
of the library or the state of the service, which
are checked later.
This bug was introduced accidentally when refactoring to 2.2. The instance
of the candidate config was deleted. This adds the candidate config
instance back
fixes#2890
current implementation was breaking making the module unusable, changing to the list comprehension fixes this. Also default to seconds instead of throwing a exception when no duration units are supplied as this causes tests to fail
Adds bigip_ssl_certificate module
This module is another in the ongoing "bootstrapping saga" that is
being undertaken. With this module you can manage the lifecycle of
the SSL certificates on a BIG-IP. This includes those used for
SSL offloading.
Tests for this module can be found here
https://github.com/F5Networks/f5-ansible/blob/master/roles/__bigip_ssl_certificate/tasks/main.yaml
Platforms this was tested on are
12.0.0
12.1.0
* removes get_module() factory method for NetworkModule
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or withoutdefaults
* add save argument to save current running config to startup config
* commands argument now accepts a dict arguments
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
* zypper_repository add auto_import_keys options
* also give more output on failure (rc, stdout, stderr)
* be more specific in the doc for auto_import_keys
* add runrefresh option to zypper_repository
* this comes out of ansible/ansible-modules-extras#2411, where AnderEnder adds refresh to the zypper module
* adds a way to force zypper to refresh a repository
* can be used to refresh independently of auto_import_keys
* add option to run name=* runrefresh=yes
* name runrefresh to not break existing use to refresh (now alias to autorefresh)
* add version_added flag to autorefresh
* remove wrong version_added comment
Recently, a user reported that the bigip_facts module was failing with the error
received exception: object of type 'itertools.imap' has no len()
This reported was occurring at line 1657 of the bigip_facts module
bug report is here
https://github.com/F5Networks/f5-ansible/issues/25
Upon further investigation, the map function for returning the specified
includes was returning an iterator, and calling len() on an iterator does
not work.
I believe this problem was caused by part of the Python 3.x effort insofar
as the inclusion of this line
https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/basic.py#L143
seems to affect our usage of map(), probably for the better anyway, and we need
to change our expectations in our module's code to no longer assume a list, but
instead assume an iterator.
After trawling through the module_utils/basic code, I think a list
comprehension is more appropriate here anyway, so I'm changing it to be
that. The affected user reported it works this way, and my own testing
on 2.2.0 supports that.
* Add facts and storage system modules.
* Update version metadata.
* Add facts and storage system modules.
Update version metadata.
Add init files.
* Fixes for review comments.
* Fixes for review comments.
* Update document fragments for api_* options to indicate they are required.
* Correct bad string concatenation.
* Add option description for validate_certs since basic_auth arg_spec is no longer extended.
* Add default value for validate_certs in docstring.
* Rename directory name so it applies to netapp and not simply eseries platform.
* Rename modules to differentiate other netapp modules.
First version of execute_lambda module
Supports:
- Synchronous or asynchronous invocation
- Tailing log of execution (sync execution only)
- check mode
* Error if shade is too old for domain_id on os_project
os_project's domain_id parameter requires shade >= 1.8.1 to work. Be
explicit.
Fixes#2805 os_project requires python-shade 1.8.1 or higher
* What I really meant was 1.8.0
This parameter can be used to open up access to (among other things)
the mgmt address of a BIG-IP. It is necessary for configuring bigips
in an HA configuration.
Revert "Added support for firewall rules, consolidated resource UUID retrieval methods for server and NIC modules, and set LAN type to int."
This reverts commit 464cbb89f225578386a830624633a55e39054544.
* UCS udm_dns_zone: added
Signed-off-by: Tobias Rüetschi <tobias.ruetschi@adfinis-sygroup.ch>
* UCS udm_dns_zone: updated, add supports check mode
Signed-off-by: Tobias Rüetschi <tobias.ruetschi@adfinis-sygroup.ch>
* UCS udm_dns_zone: updated, add support to modify dns zones
* UCS udm_dns_zone: change string formating
* UCS udm_dns_zone: add a function to convert the time to the biggest unit
* UCS udm_dns_zone: add type definitions to the argument specification
* UCS udm_dns_zone: update function convert_time
* UCS udm_dns_zone: only modify object if it has changed
* UCS udm_dns_zone: add documentation
* UCS udm_dns_zone: fix checks
* UCS udm_dns_zone: if dns zone not exists, changed is always true
* UCS udm_dns_zone: documentation, add version_added
* UCS udm_dns_zone: add license and fix travis for python 3
* UCS udm_dns_zone: import common code for univention from ansible.module_utils.univention
* univention udm_dns_zone: adapt to library univention_umc
* univention udm_dns_zone: lint
* univention udm_dns_zone: add requirement python >= 2.6 to documentation
* univention udm_dns_zone: dont import time, its unused
* Add the flush parameter.
When specified the flush parameter indicates that this module should remove all
rules from the specified table. If no table parameter is specified then the
default filter table is flushed.
* Add support for setting chain policies.
The module supports setting the policy of a given chain and table to the
following target values, ACCEPT, DROP, QUEUE, and RETURN. This parameter ignores
all other unrelated parameters.
* Fix pep8 issues.
* Fix missing quotation.
* Make 'flush' and 'policy' parameters mutually exclusive.
This combination is not supported by the wrapped iptables command. 'flush' and
'policy' however, can both take the 'chain' argument.
This module can be used to maintain the iRules for both LTM and GTM
on a BIG-IP. iRules should be supplied in their string form using
normal strings (unlikely), file lookups (likely), or template
lookups (likely).
Tests for this module can be found here
https://github.com/F5Networks/f5-ansible/blob/master/roles/__bigip_irule/tasks/main.yaml
Platforms this was tested on are
11.6.1
12.0.0
12.1.0
* apk: Fix mutual exclusivity
Ensure that 'name' and 'upgrade' are mutually exclusive.
Also add a note to the documentation to say so.
Fixes: #2767
* Fix documentation
This change removes the loop watching for "/var/lock/subsys/lxc" from
the lxc-container module. This change simply runs the command within
a container using the lxc CLI tools which should be responcible for
locking and unlocking on their own.
Closes-Issue: https://github.com/ansible/ansible-modules-extras/issues/690
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
* Changed type of 'details' argument to bool on ecs_service_facts module.
* Changed type of 'autostart' argument to bool on virt_* modules.
* Changed types of 'autoconnect' and 'stp' argument to bool on nmcli module.
('create_connection_bridge(self)' and 'modify_connection_bridge(self)' are not implemented yet?)
* Added conversion of 'value' argument when 'vtype' is boolean on debconf module.
After commit 9392943 more properties are always sets with their defaults
values (e.g. service to 'any'). This causes no issue when the rule is created,
but causes an error message that says "The property 'X' cannot be found on this
object. Verify that the property exists." because the module checks for
any property value that has changed, but `netsh advfirewall firewall show rule`
does not list any property unless `verbose` is set. This patch solves this.
Fixes#2624
This module can be used to manipulate data centers in a BIG-IP.
It supports both the iControl SOAP and iControl REST APIs, but default
to the REST API. With this module, you can perform operations similar
to those available in tmsh to create data centers and set the contact,
location, and description of those data centers.
This module is most useful in the initial provisioning of a BIG-IP
This module can be used to directly manipulate the system database
variables in a BIG-IP. It supports both the iControl SOAP and iControl
REST APIs, but default to the REST API. With this module, you can
perform operations similar to those available in tmsh to set system
variables such as turning off the default setup screen.
This module is most useful in the initial provisioning of a BIG-IP
This module can be used to manage VLANs in BIG-IP on various software
versions. It is part of a bootstrapping effort underway to provide
modules necessary to bootstrap core settings in a BIG-IP.
Tests for this module can be found here
https://github.com/F5Networks/f5-ansible/blob/master/roles/__bigip_vlan/tasks/main.yaml
Platforms this was tested on are
- 11.5.4 HF1
- 11.6.0
- 12.0.0
- 12.1.0 HF1
Changes:
- Document missing 'path' option and remove redundant brew_path manipulation
- Add 'update_homebrew' option since 'brew cask update' as a synonym for
'brew update' is available nowadays
- Add additional missing aliases documentation
- Port additional improvements (expanded support for brews path, cask path
patterns etc.)
- Allow proper `list` type support for 'name' option.
This allows doing 'brew tap <url>' where the URL is not assumed to be on GitHub,
and the protocol doesn't have to be HTTP. Any location and protocol that git can
handle is fine.
While at it, allow proper `list` type support for 'name' option and update
module documentation for option aliases.
* fixes#2158
* handles version-specifiers (>,<,>=,<=,=) correctly
* adds option "oldpackage", which is passed to zypper
* this is implied as soon as a version is specified
* it can be used independently to allow downgrades coming from repos
* add __main__ check
* extend documentation on version specifier
* Create a Kinesis Stream.
* Tag a Kinesis Stream.
* Update the Retention Period of a Kinesis Stream.
* Delete a Kinesis Stream.
* Wait for a Kinesis Stream to be in an ACTIVE State.
A number of coding conventions have been adopted for new F5 modules
that are in development. To ensure common usage across the modules,
this module needed to be updated to reflect those conventions.
No functional code changes were made.
* Create an AWS Nat Gateway.
* Delete an AWS Nat Gateway.
* If Nat Gateway exist in subnet and the option is passed to not create one, it will then return the Nat Gateway object.
* return a proper result set for getmaster/getslave
when not on a master/slave.
This allows for a cleaner error handling.
* A more uniform return of result keys for getmaster/slave
* rename archive -> arcfile (where it's a file descriptor)
* additional return
* simplify logic around 'archive?' flag
* maintain os separator after arcroot
* use function instead of lambda for filter, ensure file exists before file.cmp'ing it
* track errored files and fail if there are any
* Don't include the archive in the archive if it falls within an archived path
* If remove=True and the archive would be in an archived path, fail.
* Fix single-file zip file compression
* Add more documentation about 'state' return
This manages compressed files or archives of many compressed files. You can maintain or update .gz, .bz2 compressed files, .zip archives, or tarballs compressed with gzip or bzip2.
Possible use cases:
* Back up user home directories
* Ensure large text files are always compressed
* Archive trees for distribution
This module was using python 2.6 string .format().
To enable the module to run on python2.4, replace
the .format formatting with '%s' based string formatting.
There was also a use of a 'filename' variable in the
NosystemdTimezone.get() method that was never set.
An import of 'os' was also added for clarity.