* passwordstore: Add configurable locking
Passwordstore cannot be accessed safely in parallel, which causes
various issues:
- When accessing the same path, multiple different secrets are
returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
dialogs will be spawned by gpg-agent sequentially, having to enter
the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
is not reliable, causing plays to fail (this can be fixed by adding
`auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).
These problems have been described in various github issues in the past,
e.g., ansible/ansible#23816 and ansible/ansible#27277.
This cannot be worked around in playbooks by users in a non-error-prone
way.
It is addressed by adding new configuration options:
- lock:
- readwrite: Lock all operations
- write: Only lock write operations (default)
- none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
(defaults to 15m)
These options can also be set in ansible.cfg, e.g.:
[passwordstore_lookup]
lock=readwrite
locktimeout=30s
Also, add a note about modifying gpg-agent.conf.
* Tidy up locking config
There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.
* Change timeout description wording to the suggested value.
* Rearrange plugin setup, apply PR feedback
* pmem: Add namespace and namespace_append options
- namespace: Configure the namespace of PMem. PMem should be configured
by appdirect/memmode, or socket option in advance.
- namespace_append: Enables to append the new namespaces.
* Add changelog fragment entry
* Update the changelog fragment
* Update changelog fragment entry
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update to use human_to_bytes
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update to fix the description of namespace_append
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update to release v4.5.0
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update to fix the typo in the description of namespace_append
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
As an input the module receives names of packages to lock.
Those never matched existing entries and therefore always reported
changes.
For compatibility yum is symlinked to dnf on newer systems,
but versionlock entries defer. Try to parse both formats.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Rework of gitlab_project_variable over gitlab_group_variable
* Linting and removed unused example
* Fix test 2
* Sync from review of gitlab_project_variable #4038
* Linting, default protected True, value optional
* Next version is 4.5.0
* Roll back protected default true, and value not required
* Apply suggestions from code review
Missing check_mode
Co-authored-by: Markus Bergholz <git@osuv.de>
* Fix one unit test, comment test that requires premium gitlab
* Add changelog
* Update plugins/modules/source_control/gitlab/gitlab_group_variable.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/4086-rework_of_gitlab_proyect_variable_over_gitlab_group_variable.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added conditional gitlab_premium_tests variable when required
* Allow delete without value
* Fix variable name
* Linting
* Value should not be required in doc
* Linting missing new-line
* Update changelogs/fragments/4086-rework_of_gitlab_proyect_variable_over_gitlab_group_variable.yml
Co-authored-by: Markus Bergholz <git@osuv.de>
Co-authored-by: Markus Bergholz <git@osuv.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
The passwordstore lookup plugin depends on parsing GnuPG's
error messages in English language. As a result, detection of
a specific error failes when users set a different locale.
This change corrects this by setting the `LANGUAGE` environment
variable to `C` when invoking `pass`, as this only affects
gettext translations.
See
https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.
This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.
Fixesansible-collections/community.general#4185
* Included efidisk0 option to be able to create VMs with persitent EFI disks
* Added forgotten argument to create_vm invocation and missing test for update
* Added changelog fragment relevant to PR
* Fixed documentation issues (missing period, and added version) from review
* Removed breaking change dependency for new option, modified changelog fragment according to review
* Fixed typo in documentation
* Added examples of `efidisk0` usage
* Added examples of `efidisk0` usage
* Fixed lines containing blank spaces
* Rebased on 4.4.0, added efi option, added sanity checks on efi option
* Adjusted version_added to 4.5.0
* Corrected typo in create_vm invocation, adjusted merging of efi and efidisk0 options
* Updated efidosk0 option to dict, added flattening to str, added constraint on bios option if efidisk0 is set
* Replaced loop by list comprehension for efidisk0 flattening
* Removed unused code left over from refactor from efi/efidis0 options
* Add new module: pmem
This commit introduces to pmem module to configure Intel Optane
Persistent Memory modules (PMem).
* Add botmeta
* Update plugins/modules/storage/pmem/pmem.py
* Convert to snake_case options
* Update related to xmltodict
* Update to use list instead of string
* Update to use single quote to the string
* Update plugins/modules/storage/pmem/pmem.py
* Updated keycloak.py to allow defining connection timeout value (#4168) (#2)
* Added parameter to doc_fragments and edited the changelog message (#4168)
* Added parameter to doc_fragments and edited the changelog message (#4168)
* begin add private network
* scaleway_private_network , basic add and remove ok, work in progress
* scaleway_private_network : add search in next page
* scalewy_private_network add tags
* scaleway_private_network fix correct return value for register
* scaleway_privat_network change some text
* fix some sanity
* fix line too long
* fix line too long SCALEWAY_LOCATION
* some change for sanity
* fix sanity again
* add author in BOTMETA
* fix error in name in fike BOTMETA
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add test for scaleway_private_network
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/cloud/scaleway/scaleway_private_network.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* opentelemetry: enrich services for jenkins, hetzner, jira, zypper, chocolatey
* remove source and name for the time being
Those arguments can be later on in the future added, maybe with some opt-in feature, so let's only focus in the ones which are fully http based for now
* changelog fragment
* Update changelogs/fragments/4105-opentelemetry_plugin-enrich_jira_hetzner_jenkins_services.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* dconf: Skip processes that disappeared while we inspected them
Fixes#4151
* Update changelogs/fragments/4151-dconf-catch-psutil-nosuchprocess.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* pacman: rewrite with a cache to speed up execution
- Use a cache (or inventory) to speed up lookups of:
- installed packages and groups
- available packages and groups
- upgradable packages
- Call pacman with the list of pkgs instead of one call per package (for
installations, upgrades and removals)
- Use pacman [--sync|--upgrade] --print-format [...] to gather list of
changes. Parsing that instead of the regular output of pacman, which
is error prone and can be changed by user configuration.
This can introduce a TOCTOU problem but unless something else calls
pacman between the invocations, it shouldn't be a concern.
- Given the above, "check mode" code is within the function that would
carry out the actual operation. This should make it harder for the
check code and the "real code" to diverge.
- Support for specifying alternate package name formats is a bit more
robust. pacman is used to extract the name of the package when the
specified package is a file or a URL.
The "<repo>/<pkgname>" format is also supported.
For "state: latest" with a list of ~35 pkgs, this module is about 5
times faster than the original.
* Let fail() actually work
* all unhappy paths now end up calling fail()
* Update copyright
* Argument changes
update_cache_extra_args handled as a list like the others
moved the module setup to its own function for easier testing
update and upgrade have no defaults (None) to let required_one_of() do
its job properly
* update_cache exit path
Shift successful exit without name or upgrade under "update_cache".
It is an error if name or upgrade isn't specified and update_cache wasn't specified
either. (Caught by ansiblemodule required_one_of but still)
* Add pkgs to output on success only
Also align both format, only pkg name for now
* Multiple fixes
Move VersionTuple to top level for import from tests
Add removed pkgs to the exit json when removing packages
fixup list of upgraded pkgs reported on upgrades (was tuple of list for
no reason)
use list idiom for upgrades, like the rest
drop unused expand_package_groups function
skip empty lines when building inventory
* pacman: add tests
* python 2.x compat + pep8
* python 2.x some more
* Fix failure when pacman emits warnings
Add tests covering that failure case
* typo
* Whitespace
black failed me...
* Adjust documentation to fit implicit defaults
* fix test failures on older pythons
* remove file not intended for commit
* Test exception str with e.match
* Build inventory after cache update + adjust tests
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/packaging/os/pacman.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* changelog
* bump copyright year and add my name to authors
* Update changelogs/fragments/3907-pacman-speedup.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* maintainer entry
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update docs helper. Automate generation of 'Merging lists of dictionaries'.
* Updated helper/lists_mergeby/playbook.yml, list of examples and
templates. See playbook.yml on how to create *.out files, test
examples and generate the REST file
filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
* Generated REST file copied to directory rst
* Simplified examples. The common lists are published only once. Only
the expressions are published instead of the whole tasks.
* To change the content of the section 'Merging lists of dictionaries'
update template
filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
and run the playbook.
* Deleted rst/examples/lists_mergeby. Not needed anymore.
* Update docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update Documentation with additional example
* Added an example to have the plugin return an IP address for a Proxmox guest, instead of the name of the guest (default behavior)
* Added an example to include a string literal to every guest (to support a playbook being able to check for variable presence to identify inventory in use)
* Update for line length readability
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changed to cleaner static value
* Changed text for clarity
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* value is not required when state is absent
* fix integration test. missing value
* fix condition
* add changelog fragment
* fail fast
* try required_if on suboptions
* revert
* Update plugins/modules/source_control/gitlab/gitlab_project_variable.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix naming in doc
* typo in name
Co-authored-by: Felix Fontein <felix@fontein.de>
* homebrew_cask: reinstall when force is install option
* add changelog entry
* Fix OSX CI runs - run as non-root
* test with cask that has no macos dependencies
* use `brooklyn` cask to test
* Fully use Ansible's option handling. Deprecate not specifying sender.
* Update plugins/callback/mail.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Added new feature for ansible_user and ansible_port
* Replaced 'try' and 'except' with 'if' condition
* Replace '!=' with 'is not'
* Fixed if condition
* Implement the constructed interface
* Correction at the suggestion of felixfontein
* Added new options in unit test for icinga2 inventory
* Added blank lines in unit test for icinga2 inventory
* Added default filter in example
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fixed variable name in example
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added a changelog fragment
* Fixed changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Updated documentation options
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* add profile parameter for scaleway inventory
* Update doc from review and add changelog
* Update changelogs from review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix local port regex
Thsi PR fix the bug reported in #4091
* Update changelogs/fragments/4092-fix_local_ports_regex_listen_ports_facts.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
When using project it will use project level runner to create runner that based on python-gitlab it will be used for enabling runner and needs a runner_id so for creating a new runner it should use gitlab level runner
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* [inventory/cobbler] Add exclude/include_profile option
Also some minor cleanup
* Review suggestions
* Still must init cache_key
* Add note to exclude_profiles about include_profiles
* Add changelog fragment
* Update docs. Split fiter_guide.rst to files per sections.
* Fix docs.
* Update docs. Split filter_guide_abstract_informations.rst to files per sections.
* Create section 'Merging lists of dictionaries' from the template in helper/lists_mergeby.
* Fixed indentation. Comments and notes added.
* Revert "Fixed indentation. Comments and notes added."
This reverts commit 0f38450868.
* Revert "Create section 'Merging lists of dictionaries' from the template in helper/lists_mergeby."
This reverts commit 5b9d01ec2d.
* linode: Allow templating token for dynamic inventory
Template the value for the access_token if it's a Jinja template.
Allows for looking up tokens from files or pulling from secrets stores like Vault.
* add Linode changelog fragment
* Fix lookup example for newer versions of Ansible
Co-authored-by: Felix Fontein <felix@fontein.de>
* Rename test case for clarity
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* bugfix: don't overwrite results in 'mismatched'
Whichever mismatched package is evaluated last is the value stored in the
'mismatched' key. Instead, it should have a subdict for each pkg that is mismatched
to keep in line with its documented usage.
* Update changelogs/fragments/4078-python_requirements_info.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix 'changed' status for yarn global by actually expanding ~
* Ignore use-argspec-type-path test
* Add changelog fragment
* Update changelogs/fragments/4048-expand-tilde-in-yarn-global-install-folder.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Properly parse JSON Lines output from yarn
* Properly support output of yarn global list
* Add changelog fragment
* Check that the string starts with 'bins-'
* Fix changelog fragment
* Update changelogs/fragments/4050-properly-parse-json-lines-output-from-yarn.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* initial development of homectl module
* botmeta
* fix some linting
* Update .github/BOTMETA.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* use array form of run_command
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* added mofifying user record and cleaned up based on comments
* added updating records/multiple changes regarding options, examples doc, return doc
* add integration tests and more overall improvements
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* removed modify handle within present
* adding more options and better checking of user records when updating
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/system/homectl.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add code review changes
- remove unsafe_shell with run_command.
- use dict.pop() in user_metadata dict.
- consistent quoting to single quotes.
- change logic to determine check mode better
- fix integration tests and added check_mode tests
* Fix handling of mount opts
When a user is created without mountopts homed will use nodev and nosuid
by default, however the user record metadata will not contain these
values. This commit takes extra care that correct value is being set to
true or false. So if a user gives mountopts with just nodev we need to
make sure the nosuid and noexec gets set to false, etc. If mountopts are
same as currently in user record make sure nothing would be changed and
outputs correctly.
Also fixed some tests.
* change fmethod modify_user to prepare_modify_user_command
* Code review fixes and add existing user pw checking
- Added methods to check existing users password is correct by comparing
the hash stored in homed user record and the hash of given password
- Updated integration tests for above case
- Added aliases file so CI can run
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adding while loop to wait
* Adding changelog fragment
* Adding parameter and more docs
* Adjusting docs
Co-authored-by: Travis Scotto <tscotto@webstaurantstore.com>