When the PYTHONPATH is an empty string python will treat it as though
the cwd is in the PYTHONPATH. This can be undesirable. So make sure we
delete PYTHONPATH from the environment altgether in this case.
Fixes#16195
* Give a module the possibility to known its own name
This is useful for logging and reporting and fixes the longstanding problem with syslog-messages:
May 30 15:50:11 moria ansible-<stdin>: Invoked with ...
now becomes:
Jun 1 17:32:03 moria ansible-copy: Invoked with ...
This fixes#15830
* Rename the internal name from module.ansible_module_name to module._name
* Port urls.py to python3
Fixes (largely normalizing byte vs text strings) for python3
* Rework what we do with attributes that aren't set already.
* Comments
This makes it possible to use anything other than a list (e.g., a
tuple, or dict.keys() in py3k) for argument_spec choices. It also
improves the error messages if you don't use a list type.
This change makes it so we know when it is safe to get rid of the module
(when we stop supporting python2.4) and makes it easier for us to find
code that is using the functions in there to update.
If needed, we'll create a pycompat26 and pycompat27 as well. These
files are for functions that are needed on that python version to write
portable code. So python-2.4 compatible modules may need code in
pycompat24, python26+ modules may need code in pycompat26, etc. If
a function is needed in multiple python versions, we should implement it
in an internal common file and use import to put it in the namespace for
each pycompatXY module.
* Make ziploader's ansible and ansible.module_utils libraries into
namespace packages.
* Move __version__ and __author__ from ansible/__init__ to
ansible/release.py. This is because namespace packages only load one
__init__.py. If that is not the __init__.py with the author and
version info then those won't be available.
* In ziplaoder, move the version ito ANSIBLE_CONSTANTS.
* Change PluginLoader to properly construct the path to the plugins even
when namespace packages are present.
Updated python module wrapper explode method to drop 'args' file next to module.
Both execute() and excommunicate() debug methods now pass the module args via file to enable debuggers that are picky about stdin.
Updated unit tests to use a context manager for masking/restoring default streams and argv.
This reverts commit 1ffadbcc80.
Some modules seem to have path listed for things that are "commands" --
something that may be a path to a command or a bare command that should
be looked up in PATH. With this change, if they were formerly looked up
inPATH they are now being made into an absolute path in the cwd.
Reverting this until we can think more about whether to do this and
change those modules to not use path for those parameters.
* Ziploader proof of concept (jimi-c)
* Cleanups to proof of concept ziploader branch:
* python3 compatible base64 encoding
* zipfile compression (still need to enable toggling this off for
systems without zlib support in python)
* Allow non-wildcard imports (still need to make this recusrsive so that
we can have module_utils code that imports other module_utils code.)
* Better tracebacks: module filename is kept and module_utils directory
is kept so that tracebacks show the real filenames that the errors
appear in.
* Make sure we import modules that are used into the module_utils files that they are used in.
* Set ansible version in a more pythonic way for ziploader than we were doing in module replacer
* Make it possible to set the module compression as an inventory var
This may be necessary on systems where python has been compiled without
zlib compression.
* Refactoring of module_common code:
* module replacer only replaces values that make sense for that type of
file (example: don't attempt to replace python imports if we're in
a powershell module).
* Implement configurable shebang support for ziploader wrapper
* Implement client-side constants (for SELINUX_SPECIAL_FS and SYSLOG)
via environment variable.
* Remove strip_comments param as we're never going to use it (ruins line
numbering)
* Don't repeat ourselves about detecting REPLACER
* Add an easy way to debug
* Port test-module to the ziploader-aware modify_module()
* strip comments and blank lines from the wrapper so we send less over the wire.
* Comments cleanup
* Remember to output write the module line itself in powershell modules
* for line in lines strips the newlines so we have to add them back in
The find_mount_point function does not resolve the mount point of paths with a soft-link correctly and returns the wrong mount-point.
I have mounted an NFS filesystem on /nfs-mount. This directory contains a directory called "directory". I also created a soft-link to this last directory: /soft-link-to-directory -> /nfs-mount/directory. I created the following task to copy a file into /soft-link-to-directory:
- name: copy file to nfs-mount
copy:
src: "file"
dest: "/soft-link-to-directory/file"
This throws an exception:
invalid selinux context: [Errno 95] Operation not supported
This is caused by the find_mount_point function to return '/' as the mount point for '/soft-link-to-directory/file'. This should have been /nfs-mount. Because the find_mount_point returns the wrong mount-point, the is_special_selinux_path function does not recognise the file is on an NFS mount and tries to set the default SELinux context (system_u:object_r:default_t:s0), which fails. The context should have been: system_u:object_r:nfs_t:s0
Full Ansible output:
TASK [copy file to nfs-mount] **************************************************
fatal: [hostname]: FAILED! => {"changed": false, "checksum": "f34b60930a5d6d689cf49a4c16bd7f9806be608c", "cur_context": ["system_u", "object_r", "nfs_t", "s0"], "failed": true, "gid": 24170, "group": "foundation", "input_was": ["system_u", "object_r", "default_t", "s0"], "mode": "0644", "msg": "invalid selinux context: [Errno 95] Operation not supported", "new_context": ["system_u", "object_r", "default_t", "s0"], "owner": "root", "path": "/soft-link-to-directory/.ansible_tmpWCT6Z4file", "secontext": "system_u:object_r:nfs_t:s0", "size": 37, "state": "file", "uid": 0}
When working around "bad systems that insist on not allowing
updates in an atomic manner", we should not run previous exception
management code that tries to perform atomic move in case of
exception since the dirty non atomic move has already been
performed.
just 'cause people build bad systems that insist on not allowing
updates in an atomic manner and force us to do them in a very
unsafe way that has race conditions and can lead to many issues.
if using this option you should really be opening a bug report with
the system that only allows for this type of update.
and now i shower though i doubt i'll feel clean
* In 2.0.0.x become was reversed for synchronize. It was happening on
the local machine instead of the remote machine. This restores the
ansible-1.9.x behaviour of doing become on the remote machine.
However, there's aspects of this that are hacky (no hackier than
ansible-1.9 but not using 2.0 features). The big problem is that it
does not understand any become method except sudo. I'm willing to use
a partial fix now because we don't want people to get used to the
reversed semantics in their playbooks.
* synchronize copying to the wrong host when inventory_hostname is
localhost
* Fix problem with unicode arguments (first seen as a bug on synchronize)
Fixes#14041Fixes#13825
* now module errors clearly state msg=MODULE FAILURE
* module's stdout and stderr go into module_stdout and module_stderr keys
which only appear during parsing failure
* invocation module_args are deleted from results provided by action
plugin as errors can keep us from overwriting and then disclosing info that
was meant to be kept hidden due to no_log
* fixed invocation module_args set by basic.py as it was creating different
keys as the invocation in action plugin base.
* results now merge
It is natural that an argument_spec with choises=BOOLEAN accepts
boolean literal (True, False) though the current implementation
allows only string or int.
(Reminder: cannot use six here, module_utils get shipped to remote
machines that may not have six installed -- besides six doens't support
Python 2.4.)
* allow global no_log setting, no need to set at play or task level, but can be overriden by them
* allow turning off syslog only on task execution from target host (manage_syslog), overlaps with no_log functionality
* created log function for task modules to use, now we can remove all syslog references, will use systemd journal if present
* added debug flag to modules, so they can make it call new log function conditionally
* added debug logging in module's run_command
Make the code compatible with Pythons 2.4 through 3.5 by using
sys.exc_info()[1] instead.
This is necessary but not sufficient for Python 3 compatibility.
If you look at the meaning of the different syslog levels, NOTICE means that the event may need someone to look at it. Whereas INFO is pure informational.
Since module invocations are in fact requested (deliberate) actions, they shouldn't need any additional post-processing, and therefore should not be logged as NOTICE.
This may seem like hairsplitting, but correctly categorizing system events helps weeding through the noise downhill.
According to Wikipedia: https://en.wikipedia.org/wiki/Syslog
5 Notice notice Events that are unusual but not error conditions .
6 Informational info Normal operational messages -no action required. Example an application has started, paused or ended successfully.
There is a common pattern in modules where some parameters are required
only if another parameter is present AND set to a particular value. For
instance, if a cloud server state is "present" it's important to
indicate the image to be used, but if it's "absent", the image that was
used to launch it is not necessary. Provide a check that takes as an
input a list of 3-element tuples containing parameter to depend on, the
value it should be set to, and a list of parameters which are required
if the required parameter is set to the required value.
With this fix, we get a friendly error message:
failed: [localhost] => {"failed": true}
msg: value of argument start_port is not of type int and we were unable to automatically convert
With this fix, we get a friendly error message:
failed: [localhost] => {"failed": true}
msg: value of argument start_port is not of type int and we were unable to automatically convert
It's up to the module using the set_fs_attributes*/set_mode* methods to
specify the filename of the destination of the symlink if that's really
the file that should be modified.
Half of the fix for:
https://github.com/ansible/ansible-modules-core/issues/778
This locale variable defines how tools should display their messages.
This is for example gonna change the yum message from "Nothing to do" to
"Rien a faire" in my case (french).
As the yum module parses that string in err, if the message is not
enforced in english this is gonna fail.
So this commits just enriches a bit more the code that's already written
for that enforcement.
This commit fixes issue #9635.
There is a common pattern in modules where some parameters are required
only if another parameter is present AND set to a particular value. For
instance, if a cloud server state is "present" it's important to
indicate the image to be used, but if it's "absent", the image that was
used to launch it is not necessary. Provide a check that takes as an
input a list of 3-element tuples containing parameter to depend on, the
value it should be set to, and a list of parameters which are required
if the required parameter is set to the required value.
Also modifies the template action plugin to use this new param
when executing the file/copy modules for templating so that links
are preserved correctly.
Fixes#8998
* makes speed acceptable for some datasets
* obfuscates multiple detected passwords
* obfuscates more characters to account for some corner cases when
trying to detect passwords.
Fixes#8364
Linux and BSD derivatives do not allow unprivileged users to
"give away" files to others for security reasons. (System V
derivatives allow that but they're rare nowadays.)
The run_command module function will now poll stdout/stderr for
data rather than using the builtin command communicate(), which can
hang under certain circumstances.
Fixes#7452Fixes#7748Fixes#8163
* Strip lookup calls out of inventory variables and clean unsafe data
returned from lookup plugins (CVE-2014-4966)
* Make sure vars don't insert extra parameters into module args and prevent
duplicate params from superseding previous params (CVE-2014-4967)
The distro version is a string ('jessie/sid') on Debian unstable and testing.
Because load_platform_subclass() evaluations every subclass as it loops,
comparing numbers when get_distribution_version() does not return a number will
break.
This patch fixes that by returning a number (`0`) when we have an invalid
version, instead of returning `None` or a string.
The new CentOS 7 beta lists the distribution as "CentOS Linux", which
breaks the distribution detection and class loading. This patch fixes
that by taking just the first entry in the string when a space is
detected.
If the module directory is not writable/executable to the current user
(most likely because of a sudo to a non-root user), the ssh_wrapper
will be created in the default location for mkstemp() calls. To facilitate
the deletion of these new files, a new mechanism for cleaning up files
created by the module was also added.
Fixes#7375
This is a corner case for remote file systems that don't support
chown() and where the source and destination for the atomic_move
are on that remote file system.
Fixes#7372
Previously, we set the LANG (and LC_CTYPE) environment variables
directly in the module code and applied them with os.environ().
Instead, we are now pre-pending those variables to the environment
string used to execute the command which allows the user to
override the localization values by setting the environment values
directly (even on a per-task basis):
- subversion: repo=file:///path/to/repos/svn_über dest=/tmp/svntest
environment:
LANG: "C"
LC_CTYPE: "en_US.UTF-8"
So if a user wishes to default their LANG back to C, they can still
avoid unicode issues by doing the above.
Fixes#7060
On some very old simplejson does not support the 'encoding' and give
following exception:
TypeError: __init__() got an unexpected keyword argument 'encoding'
This fix runs json.dump with no encoding key (such as before #a023cb) on
TypeError exception only.
- unified set attribute functions ... not sure why 2 identical functions
exist with diff names, now there are 3 while i repoint all modules to 1
- fixed issue with symlinks being created w/o existing src when force=no
- refactored conditionals, simplified where possible
- added tests for symlink to nonexistant source, with both force options
- made symlink on existing attomic (force)
