* Handle errors in jmespath in json_query better
Catch any exceptions raised from jmespath and raise
an AnsibleFilterError instead.
Avoid a traceback.
Fixes#20379
* pep8
* Fix logic in os_nova_host_aggregate module
Fix logic around adding availability zone to metadata and comparing existing host list to parameter host list.
Previously, when no availability zone was defined, an empty availability zone was being appended to metadata. This was causing 'empty named availability zone' errors when running the module against an already existing host aggregate with no availability zone. This was fixed by only appending availability zone to metadata if it is not an empty parameter.
Also added set() casting when comparing existing and new host lists. Previously, if existing host list was not in the same order as the host list in the .yml parameter file the module would consider this a change even if the two lists had the same entries.
* Update os_nova_host_aggregate.py
Currently the ignore_image option can be set, but can not work as it is
descripted in document. The reason is the code will check the difference
of configurations between current container and target image, and it
will mark the `different` to `True` when the image is different even we
set `ignore_image=true`, that will cause the container being re-create.
Add new option to pass the path to the hponcfg binary which may not live in
$PATH. For example on ESXi hypervisors it tends to be located in
/opt/hp/tools/ instead. Also properly implement a verbose option for which the
code was already commented out.
The command lxc-clone is deprecated in favor of lxc-copy. This patch
changes the lxc module to use the new lxc-copy command by default. If
not present, it will fallback to the old lxc-clone command to keep it
backward compatible with older versions of lxc.
As discussed in full at https://github.com/datacenter/aci-ansible
we desired a better naming convention for ACI modules before they ship
with Ansible v2.4
The result is summarized in this PR.
The modules now also include the classes from the object model, as well
as a link to the documentation.
When verifying if a router needs update, the os_router module should
take into account only network ports which are owned by routers. Other
ports might have been added e.g. by the HA network tenant, which would
lead the router to always be detected as changed and cause the module to
try removing these network interfaces.
* add infinity ansible module into ansible package
* move infinity to be the correct direction without a folder
* remove dependency on requests library and use ansible built-in method to send rest api call
* add missing whitespace
* Use open_url from module_utils instead of urlopen based on suggestions
* correct the path for infinity ansible modue, moving it into the ansible/modules/network/infinity
* make change on the documentation and code based on feedback
* change the data type in the Return documentation based on feedback
* add importing for path and define metaclass based on testing failure
* change the postion of importing __future__
* Move Infinity module from Network module into net_tools directory based on review
* put back the file that is accidently removed
* change ansible-metadata version to be 1.1
* Fix for os_recordset.py to filter based on record type. Fixes https://github.com/ansible/ansible/issues/19572
* remove redundant variable
* Needing to use recordset ID to update and delete records. Using the record name for update/delete causes issues when A and AAAA records exist for a name
* Adding exception handling for dictionary item
* alternatives: add integration tests
* alternatives: handle absent link (fix AttributeError)
Error occurred at least on Debian Stretch and OpenSuse 42.2:
Traceback (most recent call last):
File "/tmp/ansible_RY6X41/ansible_module_alternatives.py", line 161, in <module>
main()
File "/tmp/ansible_RY6X41/ansible_module_alternatives.py", line 113, in main
current_path = current_path_regex.search(display_output).group(1)
AttributeError: 'NoneType' object has no attribute 'group'
update-alternatives stdout sample:
dummy - manual mode
link best version is /usr/bin/dummy1
link currently absent
link dummy is /usr/bin/dummy
* alternatives: PEP 8 fixes
* alternatives: fix copyright in integration tests
* alternatives: nested loops handle more than 2 items
Thanks to Michael Scherer (@mscherer) for pointing that.
* alternatives: enable integration tests
* refactors nxos_vrf_af module
fixes#27595
* fix up unit test cases
* add commands to result dict
* add route-target on afi create
* adds deprecation note to safi argument
* updates network parse_cli filter to handle blocks from output
* minor updates to finish up parse_cli filter
* all vars are now under the vars key
* attributes key has been changed to keys
* added the start_block and end_block directives
* update PEP8 failures
When comparing expected and current value for keyUsage and
extendedKeyUsage current behavior is not deterministic.
As we compare two arrays, based on the order the value have been
specified, False might be returned when the two arrays actually matches.
In order to have a deterministic comparison we compare sets rather than
arrays.
* Add network value to support_by field.
* New support_by value, certified
* Deprecate curated in favor of certified
* Add conversion from 1.0 to 1.1 to metadata-tool
* Add supported by Red Hat field to ansible-doc output
* Added cyberarkpassword lookup plugin
Added cyberarkpassword lookup plugin: It allows to retrieve credentials
(password, sshkey) from CyberArk Digital Vault
* non-uac works
* switch become/runas to LogonUser/CreateProcessWithTokenW
* fixes#22218
* provides consistent behavior across authtypes
* auto-elevates on UAC if target user has SE_TCB_NAME ("Act as part of the operating system") privilege
* sets us up for much more granular capabilities later (eg, network/service/batch logons)
* New Cisco ACI Attachable Entity Profile Module
* PEP8 Verified
* Various Fixes
* Refactored: aci_aep
* Updated to the latest changes from aci-ansible
* And a small cosmetic change
* - deprecated panos_nat_policy in lieu of pano_nat_rule that uses next generation SDK (PanDevice). Also renamed the module so that is aligns with API calls and UI framework.
* - ansible_metadata requires metadata_version instead of just version key in 2.4
* PEP8 changes
* PEP8 changes
* Emit deprecation warning and add boilerplate
* ansible-inventory cli tool
added vars dump to graph
made yaml inventory dump actual yaml inventory format
cleaner dump
fixed graph, no dump needed
add pulling in host/group vars
pep indentation crime
added docstring for manpage autodoc
remove ansible_facts from output
added api compat layer
allow import from new and old APIs
better conditional for <2.4
pe4+p4
test stuck on OS X (seems popular today) but passes rest, merging anyways
* - renamed panos_security_policy to panos_security_rule in order to better align with UI and API calls
* - fixed PEP8 issues
* - ansible bot does not like multiline comments. Using > for now.
* Add deprecation warning and boilerplate
* Ansible Config part2
- made dump_me nicer, added note this is not prod
- moved internal key removal function to vars
- carry tracebacks in errors we can now show tracebacks for plugins on vvv
- show inventory plugin tracebacks on vvv
- minor fixes to cg groups plugin
- draft config from plugin docs
- made search path warning 'saner' (top level dirs only)
- correctly display config entries and others
- removed unneeded code
- commented out some conn plugin specific from base.yml
- also deprecated sudo/su
- updated ssh conn docs
- shared get option method for connection plugins
- note about needing eval for defaults
- tailored yaml ext
- updated strategy entry
- for connection pliugins, options load on plugin load
- allow for long types in definitions
- better display in ansible-doc
- cleaned up/updated source docs and base.yml
- added many descriptions
- deprecated include toggles as include is
- draft backwards compat get_config
- fixes to ansible-config, added --only-changed
- some code reoorg
- small license headers
- show default in doc type
- pushed module utils details to 5vs
- work w/o config file
- PEPE ATE!
- moved loader to it's own file
- fixed rhn_register test
- fixed boto requirement in make tests
- I ate Pepe
- fixed dynamic eval of defaults
- better doc code
skip ipaddr filter tests when missing netaddr
removed devnull string from config
better becoem resolution
* killed extra space with extreeme prejudice
cause its an affront against all that is holy that 2 spaces touch each other!
shippable timing out on some images, but merging as it passes most
* - deprecated panos_address and panos_service in lieu of common panos_object
* - deprecated/removed panos_address and panos_service in lieu for panos_object
* squash! - deprecated/removed panos_address and panos_service in lieu for panos_object
* - fixed PEP8 issues
* - ansible_metadata requires metadata_version instead of just version key in 2.4
* add > to multi line descriptions
* update version string to 2.4
* Update legacy-files.txt
* prompt for new pass on create/encrypt if none specified
Make 'ansible-vault' edit or encrypt prompt for a password
if none or provided elsewhere.
Note: ansible-playbook does not prompt if not vault password
is provided
* dont show vault password prompts if not a tty
* Fail if an empty string is set as src for copy module
Fixes#27363
* Cleanup task formatting on copy tests
Use multi-line YAML
Add debug statements with verbosity: 1 rather than leave them in there commented out.
* Add test for empty string as source
* Do more checks in order to add more specific errors messages
Add more integration tests for the various failure scenarios.
Cleanup some syntax on existing integration test tasks.
* Add config option for a default list of vault-ids
This is the vault-id equilivent of ANSIBLE_DEFAULT_PASSWORD_FILE
except ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
* Better handling of empty/invalid passwords
empty password files are global error and cause an
exit. A warning is also emitted with more detail.
ie, if any of the password/secret sources provide
a bogus password (ie, empty) or fail (exception,
ctrl-d, EOFError), we stop at the first error and exit.
This makes behavior when entering empty password at
prompt match 2.3 (ie, an error)
* Add comment option to authorized_keys
* Update version_added for authorized_keys comment
* PEP8
* Include index rank in parsed_key_key
* Properly display diff
Only display diff if specificed via settings
* Fix PEP8 test failure
Removed from legacy files since it is now properly formatted
* Cleanup integration test formatting and add test for new comment feature
* Correct version_added for new option
* Add intent arguments for ios_interface
* Intent argument support
* Integration test case for intent arguments
* Fix ci issue
* Add intent arguments for iosxr_interface
* Add intent check support for iosxr_interface
* Integration test for intent + configuration
* Fix ci failure
* Handle common agrument in aggregate parameter for vyos module
* Add supoort to set parameter in aggregate to it's respctive
top level argument if value not provided in aggregate.
* Aggregate argument spec validation
* Documentation for aggregate
* Fix unit test failure
Allow user to mark the x509v3 extensions as critical, by specifying the
$extension_critical boolean, where $extension is the name of the
extension.
Currently this module supports only 3 differents x509v3 extensions:
* keyUsage
* extendedKeyUsage
* subjectAtlName
There are more to come.
* circonus_annotation: clean description
- add 'default' field
- default value for 'required' field is false
- use formatting function
* circonus_annotation: clean argument_spec
remove useless conversion
default of 'required' False
use 'default' when possible
* circonus_annotation: fix pep8
* circonus_annotation: add RETURN block
* circonus_annotation: check_mode isn't supported, add a note
* aci_lldp_interface_policy: Manage LLDP interface policies
Module to manage LLDP interface policies on Cisco ACI fabrics.
This module is idempotent, and supports check-mode and has diff-support.
* Rename aci_lldp_interface_policy to aci_lldp_policy
* [password] _random_password -> random_password and moved to util/encrypt.py
* [passwordstore] Use built-in random_password instead of pwgen utility
* [passwordstore] Add integration tests
* First batch of modules renamed from plural to singular
Related to this proposal: https://github.com/ansible/proposals/issues/10
* Emit rename deprication warning
* Update legacy-files.txt and skip.txt to reflect new names
pip to core because users frequently use pip to install packages to run
ansible modules.
win_chocolatey to community as it still needs some work before we'd be
ready to include it in core support.
vca module utility uses response object instead of
response.content which raises exception in while fail_json
call. Use content attribute from response object instead which
is exact description of HTTP Response error.
Fixes#25378
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
1fe67f9 introduced retries to the ssh connection put file and fetch
file. Unfortunately, that change broke the smart transport because it
started raising exceptions instead of returning from _run(). This
breakage is documented in #23711.
An attempt to fix it was made at #23717 but the first attempt was
objected to as needing to touch too much code. The second attmept was
objected to as smart was forced to encapsulate retries (thus retrying
a sftp "rety" times before trying scp "retry" times and then finally
moving onto piped). This third attempt has retries encapsulate smart.
So each sub-transport is tried once and if all three fail, another retry
attempt is made which tries each of the three again.
Fixes#23711Fixes#23717
* Add state intent argument in vyos interface
* State intent argument support
* Integration test for supported intent arguments
* Add intent testcase
* FIx ci issue
* junos_interface intent arguments
* Add check for intent argument in junos_interface
* Integration test for intent arguments
* Minor type fixes
* Add delay only if config diff is present
* add enabled configuration argument
* net_interface test case changes
* Minor doc change
Tested with:
from datetime import datetime, timedelta
from dateutil.relativedelta import relativedelta
n = datetime.now()
assert n + timedelta(days=365) == n + relativedelta(years=1)
* Fixes#28016: rabbitmq_plugin for Windows
* Disable documentation check for rabbitmq_plugin.ps1
* Renamed rabbitmq_plugin -> win_rabbitmq_plugin
* Fixed the documentation after review
* Fixed 'RETURN' section
* Fixed docs for original module
* Added dots to original module docs.
* Optimize template
* In fixing template to handle diff correctly #24477, I introduced more
round trips to the remote end which slowed things down The new code now
uses one fewer round trips than the old code.
* Reimplement a large part of template by calling the copy action plugin
instead of doing it in template's code. This reduces the code in
template and gives us one place to fix bugs and optimize.
* Add a follow parameter to template that mirrors the follow parameters
for file and copy.
* Fix copy's diff handling (probably broken in my rewrite for in 2.4
development)
* Adjusted when copy creates tmp dirs to rduce round trips in copy and
template.
Fixes#27956
* Fix idempotency for Unix permissions in zip files.
This fix prevents the unarchive module from reporting 'changed' when a zipfile contains items with Unix permissions that differ from the system default.
* Update zip unarchive tests.
Additional tests for the unarchive module with zip files:
- Test file in zip archive with non-default permissions
- Test file added to zip archive with Windows permissions
* Additional fix for mixed win/unix archives.
Turns out my original fix fails under some mixed archives, as setting the umask to zero can be applied to those files. This creates a per-file umask variable, so a mix of permission types don't cause problems.
* CI Checks
CI checks for archives with:
* non default Unix permissions
* Windows permissions
* Workaround for BSD differences.
Using Zipinfo due to lack of support in BSD unzip.
Permissions handling is also different in BSD -- always applies UMASK to file permissions.
* Added checks for creating directories and SSH keys for existing users.
* Add AWSRetry to ec2_asg
* Paginate describing ASGs and launch configurations
pass connection to delete_asg
Fix a couple little bugs
* Use boto3's pagination build_full_result()
* Adapt azure_rm_resource_group to azure 2.0.0 + azure Cli support
* Fix exceptions in Azure ARM plugins
* update azure_rm_networkinterface documention to reflect required params
* change state param to not required for docs in azure_rm_subnet
* fix import to reflect azure==2.0.0 changes
* add aliases and fix docs for azure_rm_storageblob
* add resource_group_name alias to azure_rm_storageaccount_facts
* fix import bug due to change in azure==2.0.0
* fix args bug and enum modules issue
* update docs to reflect azure==2.0.0
* pin management clients to a specific api_version
* update docs to reflect the new azure-ansible-base python package
* add fallback for older api resource group listing
* rework azure dependencies installation
* refactor path joining to a cross-plat solution
* replace boto with boto3 for the s3 module
make s3 pep8 and remove from legacy files
fix s3 unit tests
* fix indentation
* s3 module - if we can't create an MD5 sum return None and always upload file
* remove Location.DEFAULT which isn't used in boto3 and tidy up the docs
* pep8
* s3: remove default: null, empty aliases, and required: false from documentation
fix incorrectly documented defaults
* Porting s3 to boto3. Simplify some logic and remove unused imports
* Fix s3 module variables
* Fix a typo in s3 module and remove from pep8 legacy files
* s3: add pagination for listing objects.
Fix logic and use head_object instead of get_object for efficiency.
Fix typo in unit test.
* Fix pagination to maintain backwards compatibility.
Fix incorrect conditional.
Remove redundant variable assignment.
Fix s3 list_object pagination to return all pages
* Use the revised List Objects API as recommended.
* Wrap call to paginated_list in a try/except
Also remembered to allow marker/prefix/max_keys to modify what keys are listed
* Simplify argument
* use of multiple chocolatey package names
It might be helpful to users, to clarify whether/when <name:> must specify a single package.
Users who are familiar with chocolatey may be accustomed to installing multiple packages in a single invocation of 'choco install'.
I believe win_chocolatey currently accepts multiple package names when state: is latest or present.
For instance, this appears to work currently:
- win_chocolatey:
name: >-
pscx
windirstat
state: latest
However, when state: is absent, uninstall is not performed if multiple package are specified.
The chocolate.log output suggests that chocolatey is treating the multiple packages as an 'exact' name of a single package name:
2017-08-10 19:04:04,087 2424 [DEBUG] - Command line: "C:\ProgramData\chocolatey\choco.exe" list --local-only --exact pscx windirstat
2017-08-10 19:04:04,087 2424 [DEBUG] - Received arguments: list --local-only --exact pscx windirstat
I find the current behavior helpful in terms of accepting multiple package names, even if uninstall must be treated differently.
It might be helpful to show an example of how multiple uninstalls can be handled by looping over them.
- win_chocolatey:
name: "{{ item }}"
state: absent
with_items:
- pscx
- windirstat
* revise per Jordan Borean. remote colon (:) from text. revise formating.
* Update win_chocolatey.py
* Use ChocolateyInstall env variable after installation
Fixes#19725 Custom install locations specified by the ChocolateyInstall
env variable in win_chocolatey
After an initial install of chocolatey, use the ChocolateyInstall
environment variable when assigning $script:executable .
* Improve process of locating "choco.exe" post-initial install
Implement feedback for locating choco:
* Check if choco.exe is in PATH, if there use this
* If not in path and ChocolateyInstall var is available, use that
* Otherwise, use the equivalent of Windows Special Folder CommonApplicationData for locating chocolatey.
(Chocolatey install (v0.10.7) uses CommonApplicationData when ChocolateyInstall is not set.)
* win_hotfix: new module to install Windows hotfixes
* revert to older module util loader style to satisfy the checks for now
* Changes from PR
* changed the test hotfix so we can run tests in shippable
* win_user_right: add module with tests
* fixed up name of module in docs
* forgot the test module
* fixed up whitespace
* changes made to win_user_right based on feedback
* moved away from using secedit to Win32 with P/Invoke
* tidied up copyright for documentation
The prompt_formats dict didn't get the 'prompt_ask_vault_pass'
item added for interactive --ask-vault-pass, which
caused "KeyError: u'prompt_ask_vault_pass'"
Fixes#27885
In answer to #2540, `aptitude` was introduced as tool of choice for running
upgrades in the apt module and installing new packages that arise as
dependencies during upgrades.
This recently lead to problems, as for example Ubuntu Xenial (16.04) ships
without aptitude (installed).
Studying the man pages of both apt-get and aptitude, it appears that we can
achieve the effects of `aptitude safe-upgrade` using
```
apt-get upgrade --with-new-pkgs --autoremove
```
while `aptitude full-upgrade` seems to be identical to `apt-get dist-upgrade`.
We use `apt-get` as described above as a fall-back in case that `aptitude`
cannot be found, issuing a warning when it does so.
Furthermore it introduces a flag `force_apt_get` which may be used to enforce
usage of apt-get (which does not issue a warning).
The integration tests are updated accordingly.
Cf. also the discussion in #27370.
Fixes#18987
* ovirt_templates: added option to name imported disk as a template
* ovirt_templates: added version_added to new attribute
* ovirt_templates: added alias for image_name and example
* added alias glance_image_disk_name for image_name
* example how to import image from glance as template
* improve description of template_image_disk_name
* Add aggregate functionality to eos_vrf
* Add tests for eos_vrf aggregate option
* Remove test2 and test3 vrfs at the beginning of the eos_vrf tests
* Pull all vrfs
With aggregate, we need to get all VRFs and we then compare with
desired VRFs, instead of assuming it will be just one.
* New Module: Notification module for Office 365 Connector Cards (notification/office_365_connector_card)
* Updates per review
* Added connection check when in check mode
* Adding VMware tools module
Functionality: Waits for VMware tools to become available (running
state)
* Adding base integration test preparations
Until govcsim supports actual guest tool status, the tests are disabled
* Cleanup and better getvm method
* Updating Changelog
* Adding required metaclass and future import
* Rename to vmware_guest_tools_wait
* Cleanup of documentation
* Fixing review remarks
This PR includes:
- Removal of get_exception (sadly)
- Avoid deprecating 'state' parameter with aci_rest
- Small fix for querying using aci_rest
Signed-off-by: @bcoca
* template: fix KeyError: 'undefined variable: 0
For compatibility with the Context.get_all() implementation
in jinja 2.9, make AnsibleJ2Vars implement collections.Mapping.
Also, make AnsibleJ2Template.newcontext() handle dict type
for the 'vars' parameter.
See: d67f0fd4cc
Fixes: https://github.com/ansible/ansible/issues/20494
* add units/template/test_vars
* intg tests for jinja-2.9 issues like 20494
test cases here are based on
https://github.com/ansible/ansible/issues/20494#issue-202108318
This commit provides an environment option to change the behaviour so
that it's possible to declare any changes shoudl be considered a junit
failure.
This is useful when carrying out idempotent testing to ensure that
multiple runs are safe and any changes should be considered a test
failure.
In a CI test of an ansible role the practice would be to run the role
once without this to configure the test system, and tehn to run a second
time including this environment vairable so that the CI engine
processing the junit report recognise any changes to be a test fail.
This provides a sensu_client module in order to be able to dynamically
configure a Sensu client.
It takes a different approach than the existing Sensu modules such as
sensu_check but is hopefully a much more flexible and simple way of
handling configurations.
* nxos_bgp_neighbor_af does not want required_together
* fixup tests
* Fix max_prefix_* issues
* Require address-family
* Fix idempotency for next_hop_third_party
* Fix idempotency for allowas_in*
* Fix idempotency for *_in and *_out
* Reorder command generation again
`default` is first, then `max-prefix`, then booleans
* Added in support for 'agent' and 'node' types.
* Tidies and moves `consul_acl` module closer to PEP8 compliance.
* Switched from using byspoke code to handle py2/3 string issues to using `to_text`.
* Made changes suggested by jrandall in https://github.com/ansible/ansible/pull/23467#pullrequestreview-34021967.
* Refactored consul_acl to support scopes with no pattern (and therefore a different HCL defintion).
* Corrects whitespace in Consul ACL HCL representation.
* Fixes Consul ACL to return the HCL equivalent JSON (according to the Consul docs) for the set ACLs.
* Repositioned import to align with Ansible standard (!= PEP8 standard).
* Adds Python 2.6 compatibility.
* Fixes PEP8 issues.
* Removes consul_acl.py as it now passes PEP8.
* Follows advice in the "Documenting Your Module" guide and moves imports up from the bottom.
* Tidies consul_acl module documentation.
* Updates link to guide about Consul ACLs.
* Removes new line spaces from error message string.
* Provide better error message if user forgets to associate a value to a Consul ACL rule.
* Minor refactoring of Consul ACL module.
* Fixes bug that was breaking idempotence in Consul ACL module.
* Detects redefinition of same rule.
* Adds test to check the Consul ACL module can set rules for all supported scopes.
* Fixes return when updating an ACL.
* Clean up of Consul ACL integration test file.
* Verify correct changes to existing Consul ACL rule.
* Adds tests for idempotence.
* Splits Consul ACL tests into cohesive modules.
* Adds test for deleting Consul ACLs.
* Test that Consul ACL module can set all rule scopes.
* Fixes issues surrounding the creation of ACLs.
Thanks for the comments by manos in https://github.com/ansible/ansible/pull/25800#issuecomment-310137889.
* Stops Consul ACL's name being "forgotten" if ACL updated by token.
* Fixes incorrect assignment when a Consul ACL is deleted.
* Fixes value of `changed` when Consul ACL is removed.
* Fixes tests for Consul ACL.
* Adds interal documentation.
* Refactors to separate update and create (also makes it possible to unit test this module).
* Improves documentation.
* Completes RETURN documentation for Consul ACL module.
* Fixes issue with equality checking for `None` in ACL Consul.
* Fixes Python 2 issue with making a decision based on `str` type.
* Fixes inequality check bug in Python 2.
* Adds tests for setting ACL with token.
* Adds support for creating an ACL with a given token.
* Outputs operation performed on Consul ACL when changed.
* Fixs issue with test for creating a Consul ACL with rules.
* Corrects property used to set ACL token in python-consul library.
* Fixes tear-down issue in test that creates a Consul ACL using a token.
A fileglob may issue a warning `Unable to find xxxx in expected paths` when `ansible_search_path` is not defined, because it loops over the characters in the string instead of looping over a list of one element.
* fixes for edge cases - load_balancers has not been specified - don't want to delete existing elbs, wanted elbs aren't a superset of has_elbs (eg. 1 elb existing, adding another), specifying load_balancers: [] to delete existing elbs
* Fix module failure with pacemaker_cluster: state=cleanup
If state=cleanup was used, set_cluster() was being called
with 'cleanup' state which it doesn't handle. Instead
use existing clean_cluster() method.
Fixes#27799
* get and return cluster_state on state=clean as well