Takes a lot of the fixes to the user module and applies them to the
group module: provide stdout/stderr in result if available and call
fail_json() if the attempted action fails.
The user module now returns the output, both stdout and stderr, from
useradd, usermod, and userdel. This should help debug cases why one of
those commands fail. In addition, the user module will now call
fail_json() when the attempted command failed so as to properly
communicate a failure in a playbook.
This flag will show playbook output from non-failing commands. -v is also added to /usr/bin/ansible, but not yet used.
I also gutted some internals code dealing with 'invocations' which allowed the callback to know what module invoked
it. This is not something 0.5 does or needed, so callbacks have been simplified.
- Added Upstart support
- Added an initial unknown state
- Prevented state changes when the current state is not recognized
- Changed the keyword recognition to a safer method
Tested with OS X local connection and Linux remote. The paths to the
md5sum and md5 commands are hardcoded to the most common location. This
will definitely fail if the commands are elsewhere, or if the md5
command doesn't support the -q 'quiet' option.
This adds a module that concatenates (ie. assembles) a file from
fragments in a directory in alphabetical order. It chains the file
module afterward to fix up ownership and permission. This also adds
tests for the assemble module with fragments in assemble.d.
This switches to using selinux library calls instead of parsing the
output of sestatus. This fixes issue #428 where the output was slightly
different than expected on F17. Tested against debian (non-selinux),
centos5, centos6, and fedora17.
I think when we stopped using stderr for debugging modules because
paramiko didn't like it, many modules used the idiom of defining
a debug function that used standard error. The def's and calls were
removed.
This looks like a stray debug() that didn't get removed and didn't
show up unless you alter a user's groups. If it's hit, 'user' fails
with a global undefined function error.
The ohai and facter modules use /usr/bin/logger to log the fact that
they have been invoked. I added 'import os' to the ping module
so that it could have the same syslog statements as the other modules.
I separated the condensed:
shlex.split(open(argfile, 'r').read())
into two separate statements similar to the other modules.
This adds some logic when usings groups possibly in combination with append
if just specifying groups and the current groups do not match the list
set groups
if specifying groups with append and any group thats not in the current groups
set groups with -a
Checks if update-rc.d (Ubuntu) or chkconfig (RHEL) should be used.
Adds basic bin path search for those binaries
Adds 'enable' and 'disable' options for 'enable' command since it's the
arguments that update-rc.d uses (this might be somewhat confusing to
have a command line with 'enable=enable', but probably mkes sense for
Ubuntu users).
Allows use of mixed case for 'list' and 'state' commands.
This removes the 'context' option and replaces it with checks for
'_default' value for seuser, serole, setype, or (maybe) selevel.
If '_default' is provided *and* there is a default context for the given
file, this will set the file context to the available default.
Creates system accounts/groups; corresponds to the '-r' option for {user,group}add.
The option is only honored when users/groups are added, not when modified.
When running the service module via sudo, `$PATH` didn't contain `/sbin`,
so the service binary couldn't be found. This just runs `/sbin/service`
directly. Output is spewed to stderr on error.
Added `list=status` to include the output of `service <cmd> status`.
This adds selinux_mls_enabled() and selinux_enabled() to detect a)
whether selinux is MLS aware (ie supports selevel) and b) whether
selinux is enabled. If selinux is not enabled, all selinux operations
are punted on -- same as if python's selinux module were not available.
In set_context_if_different(), I now iterate over the current context
instead of the context argument. Even if the system supports MLS, it
may not return the selevel from selinux.lgetfilecon(). Lastly, this
drops selinux_has_selevel() in lieu of the current approach.
Older versions of selinux, such as that deployed on rhel5, only return a
context of user:role:type instead of user:role:type:level. This detects
whether the tuple has three elements (old-style) or four. If the
old-style, it keeps the secontext list at three elements.