AWS security groups are unique by name only by VPC (Restated, the VPC
and group name form a unique key).
When attaching security groups to an ELB, the ec2_elb_lb module would
erroneously find security groups of the same name in other VPCs thus
causing an error stating as such.
To eliminate the error, we check that we are attaching subnets (implying
that we are in a VPC), grab the vpc_id of the 0th subnet, and filtering
the list of security groups on this VPC. In other cases, no such filter
is applied (filters=None).
EC2 Security Group names are unique given a VPC. When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.
The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired. This causes
an error as the security group being acted on, and the security group
referenced in the rule are in two different VPCs.
To prevent this issue, we check to see if vpc_id is defined and if so
check that VPCs match, else we treat the group as new.
While from the documentation[1] one would assume that replacing
CAPABILITY_IAM with CAPABILITY_NAMED_IAM; this as empirically been shown
to not be the case.
1: "If you have IAM resources, you can specify either capability. If you
have IAM resources with custom names, you must specify
CAPABILITY_NAMED_IAM."
http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
Previously, when the attributes of a GCE firewall change, they were ignored. This PR changes that behavior and now updates them.
Note that the "update" also removes attributes that are not specified.
An overview of the firewall rule behavior is as follows:
1. firewall name in GCP, state=absent in PLAYBOOK: Delete from GCP
2. firewall name in PLAYBOOK, not in GCP: Add to GCP.
3. firewall name in GCP, name not in PLAYBOOK: No change.
4. firewall names exist in both GCP and PLAYBOOK, attributes differ: Update GCP to match attributes from PLAYBOOK.
Current module fails when tries to assign floating-ips to server that
already have them and either fails or reports "changed=True" when no
ip was added
Removing floating-ip doesn't require address
Server name/id is enough to remove a floating ip.
This parameter was actually added in 2.0. It's just that the
documentation in previous versions of the module were wrong (it said the
name was "network" rather than "name.) I've renamed the parameter in
the documentation of prior versions so ansible-module-validate should no
longer think that this is a new parameter.
The module would raise a KeyError trying to find the save_config key
which is not present in the argument_spec. This was caused by the
check_args() function. Since the ios shared argument spec isn't used
the check_args function is not needed and has been removed.
This removes the get_module() factory function and directly creates
an instance of NetworkModule. This commit includes some minor clean
up to transition to the ios shared module for 2.2
The shade update_router() call will return None if the router is
not actually updated. This will cause the module to fail if we
do not protect against that.
* using check mode will now block all commands except show commands
* module will no longer allow config mode commands
* check args for unused values and issue warning
This refactors the ios_config module to use the network module added
in 2.2 to simplify common network functions
new features
* add src, dest arguments for working with config
* results now return flag if the config was saved or not
* adds append argument for updating the dest file (when dest is used)
The os_server module could automatically generate a floating IP for
the user with auto_ip=true, but we didn't allow for this FIP to be
automatically deleted when deleting the instance, which is a bug.
Add a new option called delete_fip that enables this.
* Revert PR #3575 since it causes problems related to exclude patterns
By using a different method for getting archive filelists, and extracting we introduced new problems related to excluding based on gtar patterns.
As a result files that would be excluded by gtar, would still be in the filelist. Implementing our own gtar compatible pattern exclusion mechanism is near to impossible (believe me, we looked at it...). The best way is to look at the original problem and deal with that, and ensure that extraction and filelists are done with the exact same tool and exact same options.
The solution is to decode the octal unicode representation in gtar's output back to unicode. Since gtar has no problem extracting these files in LANG=C, we simply has to compensate for it.
This reverts #3575 and fixes#11348.
* Implement codecs.escape_decode() instead of decode("string_escape") for python3
* remove unused variables
* fetch branch name instead of HEAD
fix#3782, which was introduced by f1bacc1d3f9578f26d4ae2f66112cbb2509a7fe8
* disable git depth option for old git versions
fixes#3782
git support for `--depth` did not fully work in old git versions (before 1.8.2)
fall back to full clones/fetches on those versions
* raise required git version to 1.9.1 for depth option
* use correct depth argument in switch_version
* service module: use sysrc on FreeBSD
sysrc(8) is the designated userland program to edit rc files on FreeBSD.
It first appeared in FreeBSD 9.2, hence is available on all supported
versions of FreeBSD.
Side effect: fixes#2664
* Incorporate changes suggested by bcoca.
- Use `get_bin_path` to find sysrc binary.
- Only use sysrc when available (support for legacy versions of FreeBSD)
Without this, ansible 2.1 will convert some arguments that are
meant to be dict or list type to their str representation.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Change the file mode arg to 'raw' ala file args
Following the file_common_args model, change the
type of the 'mode' arg here to type='raw' with no
default arg value.
The default mode for file creation is the module
constant DEFAULT_SOURCES_PER, and is used if no
mode os specified.
A default mode of 0644 (and not specified as int or str)
would get converted to an octal 420, resulting in the
sources file being created with mode '0420' instead of '0644'
Fixes#16370
The `source_dest_check` and `termination_protection` variables are being
assigned twice in ec2.py, likely due to an incorrect merge somewhere
along the line.
* A few more sanity checks for detecting unzip output that's not a file entry
Also note that there's a rounding error somewhere in the mtime
comparison code.
* Fix reference to sub-array
Because the async_status module will read from the same file that
the async_wrapper module is writing, it's possible that the file
may not be fully synced during a read, causing spurious failures.
Use a temp file to do an atomic operation on the file. We can't
use atomic_move() here as that doesn't work properly under async.
Also, let's not read concurrently from the same file the subprocess
is writing to. Instead, capture stdout/stderr via PIPE and write to
the file to avoid nasty races.
* This adds support the CommandRunner to handle executing commands on
the remote device.
* It also changes the waitfor argument to wait_for to remain compatable
with other modules and adds an alias for waitfor.
* Restricts commands to show commands only when check mode is specified.
* add version_added to wait_for doc string
The IAM group modules were not receiving the `module` object, but they
use `module.fail_json()` in their exception handlers. This patch passes
through the module object so the real errors from boto are exposed,
rather than errors about "NoneType has no method `fail_json`".
$source check causes:
FAILED! => {"changed": false, "failed": true, "msg": "A parameter cannot be found that matches parameter name 'Source'."}
$Params.Remove causes:
FAILED! => {"changed": false, "failed": true, "msg": "Method invocation failed because [System.Management.Automation.PSCustomObject] does not contain a method named 'Remove'."}
* Change documented options for os_networks_facts
os_network_facts currently lists 'network' as an available option, taking the Name or ID. In Ansible 2.0.2 to 2.2.0, this is not valid. Options 'name' and 'id' should be used instead.
* Update os_networks_facts.py
* Update os_networks_facts.py
Set version_added to the only accepted value
* Update os_networks_facts.py
Removed inappropriate 'ID' parameter
When `version` is not specified, it defaults to "HEAD". "HEAD" is not a
remote tag, and it's not listed in the output of get_branches(), so we'd
keep repo_updated at the default value (None) and then return early with
changed=True in --check mode, even when before == after.
Fixes#3024.
Ceph Object Gateway (Ceph RGW) is an object storage interface built on top of
librados to provide applications with a RESTful gateway to Ceph Storage
Clusters:
http://docs.ceph.com/docs/master/radosgw/
This patch adds the required bits to use the RGW S3 RESTful API properly.
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Prior to Python 2.5, SystemExit was a subclass of Exception.
In Py2.4, this is causing extra error output on valid sys.exit(0).
(Toshio) Call sys.exit from inside of the SystemExit exception handler so py2.4 and py2.5+ behaviour matches
* Fixing compile time errors irt a) exception handling for Python 3 in util, also: b) problem octal usage (fixed) and c) print json_dump -> print(json_dump(xyz) ... et al
* This code was not Python 2.4 compliant. Octal codes and exception handling is now working with Py 2.4, 2.6, & 3.5.
* Fixing formating (or rather reverting an non 2.4 compatible change). Works in compile & runtime checking.
* a) revert to use print sys.stderr not fail_json; b) fixed var name in exception
* Python 3 compatible print (print >>sys.stderr will generate a TypeError - now uses sys.stderr.write instead).
The "Developing Modules" documentation states:
Include a minimum of dependencies if possible. If there are
dependencies, document them at the top of the module file, and have
the module raise JSON error messages when the import fails.
When docker_service runs on a remote host without PyYAML it crashes with
ImportError.
This patch raises a JSON error message when import fails, but only if
the PyYAML module is actually used. It's only needed when the
"definition" parameter is given.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
The example for delete=yes does not specify recursive although it is
required. In addition, the wording for the delete option is confusing
about from where files are really deleted. This should clarify that.
* Update GitHub templates to reflect ansible/ansible
Update the GitHub templates to what is used for some time on ansible/ansible
For more information, see ansible/ansible#15961
* Small improvement from ansible/ansible
* Improve the unzip output scraping
Ensure we capture the complete file (also when it includes spaces).
Drop lines that do not conform (in length) to what we expect (e.g. header/footer).
This fixes#3813
* Fix how split() works
* remove unused variables
* fetch branch name instead of HEAD
fix#3782, which was introduced by f1bacc1d3f9578f26d4ae2f66112cbb2509a7fe8
* disable git depth option for old git versions
fixes#3782
git support for `--depth` did not fully work in old git versions (before 1.8.2)
fall back to full clones/fetches on those versions
Reading the entire tar file into memory can result in out-of-memory
conditions such as this traceback:
Traceback (most recent call last):
File "/tmp/ansible_YELTSu/ansible_module_docker_image.py", line 486, in load_image
self.client.load_image(image_data)
File "/usr/local/lib/python2.7/dist-packages/docker/api/image.py", line 147, in load_image
res = self._post(self._url("/images/load"), data=data)
...
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 848, in _send_output
msg += message_body
MemoryError
Luckily docker-py's load_image(), which calls requests post(), accepts a
file-like object instead of a string. Pass in the file object to avoid
reading the full file into memory. This allows larger tar files to load
succesfully.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilites` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilites` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
The default pagination is every 100 items with a maximum of 1000 from
Amazon. This properly uses the marker returned by Amazon to concatenate
the various pages from the results.
This fixes#2440.