The documentation for the `state` field is not very clear.
It says possible values are "installed, uninstalled" and default value is "present"
The examples below alow uses `present` and `absent`.
This patch uses "absent" and "present" instead of "installed" and "uninstalled"
Moreover, this is consistent with other packaging modules, like homebrew itself
This submission makes extensive use of the python-consul library and this is required
as a dependency and can be installed from pip.
The tests were written to target a vagrant cluster which can be setup by following the
instructions here http://github.com/sgargan/consul-vagrant
The 'msg' alias for 'subject' isn't in the documentation, so adding it.
In the gmail example, it uses both the 'subject' and 'msg' params, but 'msg' is an alias of 'subject', so you are essentially declaring the same param twice. If you use this example, then no subject is sent (I tested with gmail). Documentation example is updated to use 'body' as intended.
Also, updated the simple example to use 'subject' instead of the 'msg' alias since it is more explicit.
This manages environment variables in Vixie crontabs. It includes
addition/removal/replacement of variables and ordering via the
insertbefore/insertafter parameters.
Some devices return their description on multiple lines such as:
lldp.eth0.chassis.descr=cisco CISCO7609-S running on
Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-IPSERVICESK9-M), Version 12.2(33)SRE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 26-Jan-11 06:54 by prod_rel_team
The generated fact will result as:
"descr": "cisco CISCO7609-S running on"
This patch fixes the line wrapping to return the full description
handling line breaks:
"descr": "cisco CISCO7609-S running on\nCisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-IPSERVICESK9-M), Version 12.2(33)SRE3, RELEASE SOFTWARE (fc1)\nTechnical Support: http://www.cisco.com/techsupport\nCopyright (c) 1986-2011 by Cisco Systems, Inc.\nCompiled Wed 26-Jan-11 06:54 by prod_rel_team"
The device option was already implemented but omitted from docs and allowed
choices. With the addition of device, a devices failover_state can be
determined.
Fix bug in ansible get_package_state and get_current_version that breaks when there are multiple versions of a package installed and there is a list of packages to install.
The previous implementation used 'zip' to match requested names to installed names which fails, because rpm outputs multiple lines per package when there are multiple versions.
Testcase: Install opensuse, install multiple kernel versions (happens by update)
Before patch: calling
zypper: state=present for name={{item}}
with_items:
- kernel-desktop
- git
leads to ansible aborting.
After the patch ansible performs as expected and makes sure both packages are present.
Also the last version number is used for further update information in this version (before if only one package name was given the oldest version number was used).
According the patch(1) manpage:
The --directory option change to the directory dir immediately, before
doing anything else.
Thus if file is not relative to dir and making file absolute ensure that
patch will find it.
Prior to openssh 6.4, ssh-keygen -F returned 0 (and no output) when no
host was found. After then, it instead returned 1 and no output. This
revised code behaves correctly with either behaviour. There is
currently no other code path that results in exit(1) and no output.
The option parsing object within the module was performing a split
on an '=' sign and assuming that there would only ever be one '='
in a user provided option. Sadly, the assumption is incorrect and
the list comprehension that is building the options list needs to
be set to split on the first occurrence of an '=' sign in a given
option string. This commit adds the required change to make it
possible for options to contain additional '=' signs and be handled
correctly.
This allows one to enable or disable a node, useful for when doing
maintenance on a node to prevent connections from being attempted to it.
This will completely disable the node for any pool it might be in.
* update expected inclusion version
* fix consistency on enabled/absent (now enabled/disabled)
* safely import boto per now style of single-exit and proper JSON
* use new `required_together` module style
Cloudtrail is the AWS auditing configuration. It's fairly simple, but also very important to configuration management/devops/security to ensure it remains enabled. That's why I created it as a module.
- Changes are no longer erroneously reported on RHEL (#12)
- Adding new link groups on Debian works again.
- This was broken in a previous commit by assuming the OS was RHEL
if `update-alternatives --query <name>` had a return code of 2
- Prefer `--display` over `--query` for determining available
alternatives
- --display is more distro-agnostic and simplifies the code
- Fix missing `msg=` in `fail_json` call when `link` is missing
- Document that `link` is required on RHEL-based distros
Tested on Ubuntu 12.04+ and CentOS 6/7
This update will allow people to add a color bar at the front of a
Slack notification using the default 3 colors by name Slack specify
(good, warning, danger).
If no color is specified, or the default is used (normal) then no bar
will be added.
Description and example also added in this update.
Color bars are added by using the attachments json object inside the
payload - this is a very simplistic implementation as using custom
colors or adding titles or other formatting are not included in this
update and if needed I’m sure somebody else can spend the time to add
them later…
Tested with ansible 1.7
Occasionally, `lvcreate` will prompt on stdin for confirmation. In
particular, this may happen when the volume is being created close to
the location on disk where another volume existed previously. When this
happens, Ansible will hang indefinitely with no indication of the
problem. To work prevent this problem, the `--yes` command-line argument
can be passed to `lvcreate`, which will instruct it not to prompt.
Signed-off-by: Dustin C. Hatch <dustin@hatch.name>
* Add support for check mode
* Use "pkgin search" to guarantee 0 or 1 result
* Edit documentation for style, new feature, etc.
* General refactoring
* Lay some groundwork for future support of "state=latest"
These are all the code changes from Brian's review:
* change #! line
* rename "host" to "name" [keep as alias]
* make documentation clearer
* imports 1 per line
* use get_bin_path to find ssh-keygen
* key not actually required when removing host
The known_hosts module lets you add or remove a host from the
known_hosts file. This is useful if you're going to want to use the
git module over ssh, for example. If you have a very large number of
host keys to manage, you will find the template module more useful.
This was pull request 7840 from the old ansible repo, which was
accepted-in-principle but not yet merged. The mailing list thread
reading it is:
https://groups.google.com/forum/#!topic/ansible-devel/_e7H_VT6UJE/discussion
Analyze the given token and use the old webhook format if the token
is old style and use the new format if the token is new style. Make
domain optional with new-style tokens.
Fixes#157
Fix `changed` status that always returns False with composer.
This [previous PR](https://github.com/ansible/ansible-modules-extras/pull/61) had fixed the issue but because of a [Composer recent change](cb336a5416) stderr is now used for reporting information meant for humans while stdout is more for the output of the command.
This PR would definilty solve this issue.
The previous version of this code was supporting only locales using the
format "<language>_<territory>.<charset>". But all the locales that
doesn't have this format were not installable (such as "fr_FR" or
"fr_FR@euro").
Also, if an invalid locales was provided, the module kept sending a
"changed" status.
Now :
* if the user provides an invalid locales, the module failed. Locales
are verified using /etc/locale.gen or /usr/share/i18n/SUPPORTED if
Ubuntu
* Every types of valid locales are now supported.
* The locale module was not working on Archlinux, as there's no space
between the "#" and the locale. This is now supported. Credits goes
to danderson189, this is his code.
This module was tested on debian jessie, ubuntu 14 LTS and last
Archlinux.
The volume create methods were making an assumption on the unit
sizes being presented by the `vgdisplay` and the `lvdisplay`
commands. To correct the assumption the commands will now enforce
a unit size of "g" which will alway convert sives to gigabytes.
This was an issue brought up by @hughsaunders.
The new module will allow users to control LXC containers from ansible.
The module was built for use in LXC >= 1.0 or greater and implements most
of what can be done using the various lxc clients with regards to running
containers. This first module is geared only at managing lxc containers.
The module provides:
build containers
destroy containers
archive containers
info from a single container
start / stop / restart containers
run commands within containers
add/modify lxc config for a container
supports backends including LVM
Some packages attempt to prompt the user for certain settings during
installation. Thus, this parameter sets the environment variable
$BATCH to 'yes', which forces package installation scripts to accept
default values for these interactive prompts. This should work for all
prompts that have a default value and aren't implemented through a
custom script (as this variable is built into the ports/package system).
FIXME: Package install should fail if it prompts and batch isn't set;
currently, the install hangs indefinitely.
TODO: Allow user to specify the answers to certain prompts.
I (github.com/mwpher) have NOT tested this with any packages besides
bsdstats. It's a small improvement, but not a complete answer to all
the complexities of package installation.
The function normalizes checks for UTF-8, but the same issue exists for
other locales as well. This fix adds normalization for EUC-JP, a Japanese
locale.
In case of release repositories or other special cases you might not
need the autorefreshing of the repos. This patch adds a configure
option instead of hard enabling this.
Signed-off-by: Justin Lecher <jlec@gentoo.org>
Currently, either you apply the change in the configuration
of firewalld ( without permanent=True ), or you apply it live.
I most of the time want to do the 2 at the same time, ie open the
port ( so I can use the service ) and make sure it stay open on reboot.
The definition was leaking into ansible.module_utils.basic and causing
type checking to fail when running module as script. Not entirely clear
why this should be the case.
RedHat-based OSes have a version of update-alternatives which comes from
the chkconfig package and does not support the --query parameter. Work
around that.
* The policy is shown in `status verbose`, so all the check mode stuff should keep working.
* `--dry-run` works as expected.
* No idea whether it's legal as an argument to `interface`
re.match in has_changed function never worked properly, because match
requires searched sequence to be present exactly at a start of processed
string, which is not the case here.
All the actions by the mysql_replication plugin can be done by connecting to the NULL database. There is no need to connect to the 'mysql' db, since there are permissions problems when connecting to remote hosts, e.g. when you want to query "SHOW MASTER STATUS" on a remote host.
module.exit_json() does not like when the "changed" variable contains a
match object:
TypeError: <_sre.SRE_Match object at 0x81e2ae58> is not JSON serializable
Running the module with the argument "upgrade=yes" invokes an upgrade of
all installed packages.
While here clean up some comments.
Functionality requested by @qbit.
* Do not use the fstab parameter on openbsd for mounting
OpenBSD's mount command doesn't allow selecting which fstab file to use.
So if we're operating on the live filesystem (mount or remount) return
an error if the user specified an fstab file.
Fixes#5591
* Fix the logic inversion (thanks to @landryb)
The `service` module starts services that are not running when
`action=restarted` or `action=reloaded`, which is especially convenient
for initial deployments because it eliminates an extraneous operation
for when the service starts for the first time. This commit adjusts the
behavior of the `systemd` module to match.
Sets the SSH option `IdentitiesOnly=yes` in the SSH wrapper when a
`key_file` is provided to the git module. This option ensures that
the provided key is used. Otherwise, the system's ssh-agent could
provide undesired identities when connecting.
From ssh_config(5):
> Specifies that ssh(1) should only use the authentication identity and
> certificate files explicitly configured in the ssh_config files or
> passed on the ssh(1) command-line, even if ssh-agent(1) or a
> PKCS11Provider offers more identities. The argument to this keyword
> must be “yes” or “no”. This option is intended for situations where
> ssh-agent offers many different identities. The default is “no”.
* Change example syntax on nxos_feature module
* Change example syntax on nxos_hsrp module
* Change example syntax on nxos_igmp module
* Change example syntax on nxos_interface module
* Change example syntax on nxos_interface_ospf module
* Change example syntax on nxos_ip_interface module
* Change example syntax on nxos_ping module
* Change example syntax on nxos_switchport module
* Change example syntax on nxos_vlan module
* Change example syntax on nxos_vrf module
* Change example syntax on nxos_vrf_interface module
* Change example syntax on nxos_vrrp module
* Change example syntax on meta module
* Change example syntax on set_fact module
* Change example syntax on win_copy module
* Change example syntax on win_file module
* Change example syntax on win_get_url module
Remove escaping of \ characeter in Windows paths since it's no longer required for single quoted or unquoted values when using multi-line YAML syntax.
* Change example syntax on win_lineinfile module
* Change example syntax on win_msi module
* Change example syntax on win_stat module
* Remove nxos_bgp example from nxos_igmp module
* Mark examples as regexp to avoid syntax error
* Cleanup win_copy.py examples
* Cleanup win_file.py examples
* Remove quotes in win_get_url.py examples
* Cleanup quotes and languare in win_lineinfile.py
* Cleanup examples in win_group.py
* Cleanup examples in win_service.py
* Don't use : in documentation because it breaks the YAML syntax check
* Cleanup win_copy.py examples
* Cleanup win_copy.py examples
* Minor change to fix test failure
* Use single quotes
* Update documentation for vyos_command
Add information on new environment variable added in #18546.
Add note on command that should not be run via Ansible.
* White space changes
Two spaces after period.
If 'src_format' is not mentioned in playbook
and config is in text format a list object is
passed to 'guess_format' function instead
of string, hence TypeError execption is seen.
Fix is to pass string object instead of list.
When using a file:// or ftp:// URL the normal provisions that a non-200 status code means error have been disabled.
But the common error status -1 from fetch_url is not properly returning an error message.
This fix ensures that if the status code returns -1, we return a proper error message.
This fixes#3563
* win_msi - Dont list choices twise
http://docs.ansible.com/ansible/win_msi_module.html shows
Choices:
True
True
False
False
As the yes/no are expanded to true/false by the docs generation
* Update win_msi.py
* allow mount to try remount
falls back to unmount/mount
* fixed fstab handling and switched to ismount
custom function deals with bind mounts unlike built in
* un ** args
* last ** args
This updates the pull request template to provide more context about why specific things may be needed. This helps to make it feel like it is being asked for to help the team rather than arbitrary questions that don't seem applicable, such as command output for a docs change.
Allow some operations on missing services
Better sysv handling
Rearranged error reporting
fixed load error catching and order logic
also minor doc/comment updates
added warnings
- Adds the 'link' file_type for finding symbolic or hard links
- Use `os.lstat` instead of `os.stat` to prevent the following
of links when statting the file.
* Change example syntax on os_auth module
* Change example syntax on os_client_config module
* Change example syntax on os_image_facts module
* Change example syntax on os_networks_facts module
* Change example syntax on os_nova_flavor module
* Change example syntax on os_object module
* Change example syntax on os_server module
* Change example syntax on os_subnet_facts module
* Change example syntax on rax_files module
* Change example syntax on rax_files_objects module
* Change example syntax on mysql_db module
* Change example syntax on file module
* Change example syntax on uri module
* Change example syntax on cl_bond module
* Change example syntax on cl_bridge module
* Change example syntax on cl_img_install module
* Change example syntax on cl_interface module
* Change example syntax on cl_license module
* Change example syntax on cl_ports module
* Remove trailing colon
I broke backwards compat with the addition to define when a password
should be updated. It was requiring that a password value be passed when
deleting a user, which seems silly.
This moves the argument logic out of the argument spec and into when it
would be needed, when state is present.
* Change example syntax on supervisorctl module
* Change example syntax or _ec2_ami_search module
* Change example syntax on cloudformation module
* Change example syntax on ec2 module
* Change example syntax on ec2_facts module
* Change example syntax on ec2_eip module
* Change example syntax on rds module
* Change example syntax on route53 module
* Change example syntax on s3 module
* Change example syntax on digital_ocean module
* Change example syntax on docker_service module
* Change example syntax on cloudformation module
* Change example syntax on gc_storage module
* Change example syntax on gce module
* Change example syntax on gce_mig module
* Change example syntax on _glance_image module
* Change example syntax on _keystone_user module
* Change example syntax on _nova_keypair module
* Change example syntax on _quantum_floating module
* Change example syntax on _quantum_floating_ip_associate module
* Change example syntax on _quantum_network module
* Change example syntax on _quantum_router module
* Change example syntax on _quantum_router_gateway module
* Change example syntax on _quantum_router_interface module
* Change example syntax on _quantum_subnet module
* SQUASH _quantum_subnet
* Add missing quotes
* Change example syntax on authorized_key module
* Change example syntax on cron module
* Change example syntax on group module
* Change example syntax on hostname module
* Change example syntax on seboolean module
* Change example syntax on selinux module
* Change example syntax on service module
* Change example syntax on sysctl module
* Change example syntax on systemd module
* Change example syntax on user module
* Change example syntax on debug module
* Change example syntax on fail module
* Change example syntax on include module
* Change example syntax on include_role module
* Change example syntax on include_vars module
* Change example syntax on pause module
* Change example syntax on wait_for module
* Change example syntax on apache2_module module
* > Change example syntax on django_manage module
* Change example syntax on htpasswd module
The new create option with the default value 'no' changes the
behavior from the previous Ansible releases. Change the default to
'yes' to create missing ini files by default.
Fixes: #5488
Moving the "check if min_size/max_size/desired_capacity..." code to execute BEFORE the desired_capacity code is used in the following operation:
num_new_inst_needed = desired_capacity - len(new_instances)
Otherwise the following exception occurs when desired_capacity is not specified and you're replacing instances:
num_new_inst_needed = desired_capacity - len(new_instances)
TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'
Stack Trace:
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
File "/var/lib/awx/.ansible/tmp/ansible-tmp-1478229985.74-62334493713074/ec2_asg", line 3044, in <module>
main()
File "/var/lib/awx/.ansible/tmp/ansible-tmp-1478229985.74-62334493713074/ec2_asg", line 3038, in main
replace_changed, asg_properties=replace(connection, module)
File "/var/lib/awx/.ansible/tmp/ansible-tmp-1478229985.74-62334493713074/ec2_asg", line 2778, in replace
num_new_inst_needed = desired_capacity - len(new_instances)
TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "ec2_asg"}, "module_stderr": "Traceback (most recent call last):\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1478229985.74-62334493713074/ec2_asg\", line 3044, in <module>\n main()\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1478229985.74-62334493713074/ec2_asg\", line 3038, in main\n replace_changed, asg_properties=replace(connection, module)\n File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1478229985.74-62334493713074/ec2_asg\", line 2778, in replace\n num_new_inst_needed = desired_capacity - len(new_instances)\nTypeError: unsupported operand type(s) for -: 'NoneType' and 'int'\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}
to retry, use: --limit @
In cases where a CFN stack could not complete (due to lack of
permissions or similar) but also failed to roll back, the gathering of
stack resources would fail because successfully deleted items in the
rollback would no longer have a `PhysicalResourceId` property.
This PR fixes that by soft-failing when there's no physical ID
associated to a resource.
The Instance UUID(refered to as PersistenceUUID in the API) is a the ID
vcenter uses to idenify VMs.
My use case for this is that I configure Zabbix using ansible and its
vmware module relies on using these to identify VMs.
* Expose internal_network in os_floating_ip
Shade project has finally exposed this argument so now this module
matches old quantum_floatingip module's capabilities.
Use "nat_destination" term instead of "internal_network" to match shade
terminology.
* Add (private|internal)_network aliases to os_floating_ip
* Fix typo in os_floating_ip
stdout lines are now available when certain exceptions occur
(Ref ansible/ansible#18241)
Also noticed that to_lines was essentially handled in
lib/ansible/plugins/action/__init__.py -- only difference was
it didn't handle a list. to_lines() could be removed across
network modules now, but this commit is only for ios_command.
Also adds disconnect() to ios_command that was added
to ios_config in #5247
After installing a package from the ports collection on a
fresh FreeBSD 11.0, Ansible was unable to enable it, failing with
"unable to get current rcvar value". Debugging showed that sysrc
didn't see the variable from /usr/local/etc/rc.d/myservice, but
adding the value was working.
So we will just fallback to the default value if we can't find it.
There is a desire to not have this module always result in a change if a
password argument is supplied. The OpenStack API does not return a
password back when we get a user, so we've been assuming that if a
password argument was supplied, we should attempt to change the password
(even if nothing else is changing), and that results in a "changed"
state. Now we will only send along a password change attempt if the user
wants one (the default to match history).
Fixes#5217
this fix will now handle loading a multiline banner on ios based
devices without hanging. It separates the processing of banners
from the remainder of the config
link #5318
The module will error if it tries to use a cli command that is not available
on a given platform. This fix will address that problem. If the cli
command is not available, then the command is silently discarded and the
facts that the command output is based on is not returned. Any failed
commands are provided in the module return under the failed_commands
key. This fix also updates the Examples docstring to make it consistent
with other ios_* modules
fixes#5444fixes#5372
Allow installation of PPA repositories on non-Ubuntu Debian derived
distribution targets (e.g. neon, Mint, Debian itself) by removing the
specific check for UbuntuDistribution before allowing PPA: format
sources. This fixes the addition of PPA repositories under KDE neon (as
the codenames match the base Ubuntu distribution).
To make the functionality also useful under Mint and Debian which have
different codenames to their Ubuntu upstream / downstream releases, add
a 'codename' option to override the default used in the PPA source
entry.
* Add 'on the remote server' to `file` parameter description
* Add example showing how to use the `file` parameter, with specific
language about the file's location being on the 'remote server'
This fixes the behavior that the dest is directory,
when we set the "force: no" argument.
To be join the dest and the src's basename,
before checking the "force" argument.
* apt: If the cache object fails to lost due to a corrupt file, try to update the cache until it is fixed.
* Append -q to the update parameters
* Remove unused variable
* Use a string that doesn't rely on internationalization
* Use py24 exception style
* Use get_exception
Fixes#2951
* updated `find_job` method to find by exact match of job, when no matching header comment is found
* note this fallback injects a header comment for later calls to `update_job` or `remove_job`
* abstracted header comment building to `do_comment` method
Fixes#3256
In the description of the find module return value, the sample dict
has its key=value strings converted to key=value: None in the
web documentation. This commit updates the sample output to a 'real'
dict.
Minor additional edit in the description: "return list *of* files".
* Use the `to_native` conversion method to convert a command output to the
appropriate form when looking for branch names in the command output,
therefore avoiding a `TypeError` in Python 3.
In python3, response fields are title cased whereas in python2 they were
not. We return these fields to the module's caller so we need to
normalize all of them to be lower case.
This reverts the lowercase check from 454f741ef5b56cccd123e12d7b2e6fe31d47c755
as that one was only targetted as a single field.
Records whether existing cron file (or CRONCMD output) has a terminating newline, and ensures a trailing newline is written as necessary EVEN IF NO CHANGE WAS MADE to the target env/job
Fixes#2316
make format function 'format only'
added platform dependant info, when it is available
avoid rechecking same info
added comments to each info gathering section
(cherry picked from commit a79acf73d7eb79b76d808ff8a1d6c505dfd9ec82)
builddep only requires a source package to be in the repos but our code
was checking for a binary package before running buiddep. Reversing the
order makes it work correctly.
Fixes#4519
* Only change to short IDs for delete
If the user specifies long IDs, use them for all commands except for
deleting a key. Need to use short IDs there because of an upstream
apt_key bug. Fixed in apt_key 1.10 (fix is present in Ubuntu 16.04 but
not Ubuntu 14.0 or some Debians).
Fixes#5237
* Check that apt-key really erased the key
When erasing a key, apt-key does not understand how to process subkeys.
This update explicitly checks that the key_id is no longer present and
throws an error if it is. It also hints at subkeys being a possible
problem in the error message and the documentation.
Fixes#5119
* Fix apt_key check mode with long ids
apt-key can be given a key id longer than 16 chars to more accurately
define what key to download. However, we can use a maximum of 16
chars to verify whether a key is installed or not. So we need to use
different lengths for the id depending on what we're doing with it.
Fixes#2622
Also:
* Some style cleanups
* Use get_bin_path to find the path to apt-key and then use that when
invoking apt-key
* Return a nice user error message if the key was not found on the
keyserver
* Make file and keyring parameters type='path' so envars and tilde are
expanded
* Make authorized_key preserve key order
Track the ordering of keys in the original file (rank)
and try to preserve it when writing out updates.
Fixes#4780
Comparing to the output of run_command() needs to use native strings
Also fix imports: We were relying on them coming from the import of
basic. A few (like yaml) weren't imported at all.
* Add option for number parameter to generate manually provisioned clusters from a base name
* Refactor code to work with starting and stopped when number is specified
* Update docs
* Fix documentation error breaking Travis
* Fixes for async gce operations
* Fix documentation
* base_name from parameter to alias for name and fixes for renaming variables
* Fix breaking change on gce.py
* Fix bugs with name parameter
* Fix comments for Github build checks
* Add logic to set changed appropriately for cluster provisioning
The last fix allowing multiple definitions of the same option key (for
permitopen support) introduced a set() which removed the guaranteed
ordering of the options.
This change restores ordering. The change is larger than simply
removing the set because we do need to handle the non-dict semantics
around keys not being unique in the data structure. The new code make
use of __setitem__() and items() to do its work. Trying to use
getitem() or keys() should be looked upon with suspicion as neither of
those follow dictionary semantics and it is quite possible the coder
doesn't realize this. The next time we need to touch or enhance the
keydict code it should probably be rewritten to not pretend to extend
the dictionary interface.
* Add separate checkout and update parameters
This brings the svn module in line with the git module for controlling
individual update and checkout functionality based on whether the
directory exists or not.
It also allows specifying `no` for both to pull the remote revision
without performing a checkout
* Update version-added for new parameters
* Add separate clone parameter
This brings the hg module in line with the git module for controlling
individual update and checkout functionality based on whether the
directory exists or not.
It also allows specifying `no` for both to pull the remote revision
without performing a checkout
* Reflect the right added ver for the hg clone arg
Support the new native YAML format in the CloudFormation API. This means
the existing `template_format` parameter is deprecated. This commit also
adds a warning for the deprecated parameter.
* Run validate-modules from devel
Use a clean dir for checkout
typo
Correct path
validate-modules requires mock and voluptuous==0.8.8
typo
Ensure script is running
Remove testing debug
Install Ansible only once
Install ansible and validate_modules requirements
Now that we no longer pip install Ansible we need to manually install
it's dependencies
Debug
Dependencies are listed in ansible/ansible
debug
submodules
typo
typo
working
* Matt's feedback
* Use mktemp to checkout and delete directory after running
* Single quotes
the docker container module's `exposed_ports` was slightly ambigous.
Use the official Docker documentation to define what an `exposed port`
is.
Resolves: ansible/ansible-modules-core#5303
Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
Since dict.keys return a dictkeys under python 3, we hav to cast it
to a list to avoid traceback:
Traceback (most recent call last):
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 496, in <module>
main()
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 490, in main
results = enforce_state(module, module.params)
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 410, in enforce_state
parsed_new_key = parsekey(module, new_key)
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 308, in parsekey
options = parseoptions(module, options)
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 259, in parseoptions
options_dict[key] = value
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 164, in __setitem__
self.itemlist.append(key)
AttributeError: 'dict_keys' object has no attribute 'append'
Yet another fix for https://github.com/ansible/ansible/pull/18053
- Don't rewrite the result; this is causing 'changed=true' on update
- Move AWSRetry import to top since it's a decorator, and is needed at definition-time
- removed star-imports, which wasn't possible in Ansible 1.x
- boto doesn't have any of the modern features (most notably, changesets), so this rewrite goes all-in on boto3.
- tags are updateable, at least in boto3. Fix documentation.
- staying with "ansible yaml to json conversion" because I'm trying to keep this scoped properly. The next PR will have AWS-native yaml support.
- documented the output. Tried to leave it backwards-compatible but the changes to 'events' might break someone's flow. However, the existing data wasn't terribly useful so I don't assume it will hurt.
- split up the code into functions. This should make unit testing possible.
- added forward-facing code: 'six' for iterating, started using AWSRetry, common tag conversion.
- add todo list
- Pass `exception` parameter to fail_json
Since the module use re and os, we need to import them.
And rather than importing '*', we should limit to the
only object/function needed, so we can more easily refactor
later.
The implementation is fairly simple, we force the rc= parameter to not be zero so that the check in _executor/task_result.py_ correctly determines that it failed. Without this change Ansible would report the task to be ok (despite failed=True and msg=Some_error_message) although Ansible stops and the summary output reports a failed task.
This fixes#4214, #4384 and also relates to ansible/ansible#12070, ansible/ansible#16006, ansible/ansible##16597, ansible/ansible#17208 and ansible/ansible#17252
This fixes a bug where the module fails to verify tags. I added a conditional statement in `verify_commit_sign()` that checks if `version` argument is a tag, if so, use `git verify-tag` instead.
Test suite block on:
Traceback (most recent call last):
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 496, in <module>
main()
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 490, in main
results = enforce_state(module, module.params)
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 410, in enforce_state
parsed_new_key = parsekey(module, new_key)
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 308, in parsekey
options = parseoptions(module, options)
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 253, in parseoptions
if options_dict.has_key(key):
AttributeError: 'keydict' object has no attribute 'has_key'
With keydict being a subclass of dict.
In python 3, filter return a iterator and so result in this traceback:
Traceback (most recent call last):
File \"/tmp/ansible_kzu72kz5/ansible_module_subversion.py\", line 264, in <module>
main()
File \"/tmp/ansible_kzu72kz5/ansible_module_subversion.py\", line 243, in main
local_mods = svn.has_local_mods()
File \"/tmp/ansible_kzu72kz5/ansible_module_subversion.py\", line 178, in has_local_mods
return len(filter(regex.match, lines)) > 0
TypeError: object of type 'filter' has no len()
The keys returned by user objects for default domain and
default project are respectively default_domain_id and
default_project_id.
We need to gather those IDs in case the user passed names, so we
can then compare with the user object on the needs_update helper
function.
Since handler.files_in_archive is a list of files coming from
various executables output, that's a bytes list, and we use it
with dest who is a str. So we need to convert that to native
type.
On python 3, bools is a list of bytes:
>>> rc,bools = selinux.security_get_boolean_names()
>>> 'virt_use_nfs' in bools
False
>>> bools
[b'abrt_anon_write', b'abrt_handle_event', ...]
earlier versions of eos do not support configuration sessions. this change
will now check if sessions are supported and if not will fallback to
not using config sessions
fixes#4909
This fixes two issues. First, it fixes an issue with the junos_config
module not properly recognizing a file with set commands. The second
bug would cause the diff_config() function to raise an exception due
to a blank line when splitting the config
* Fix imports on nxos_bgp* modules
* Fix imports on nxos_evpn* modules
* Cleanup issues for nxos_facts
* Shuffle imports for nxos_template
* Fix imports on nxos_ospf* modules
* Fix nxos_hsrp
As get_hsrp_groups_in_devices is not actually called anywhere, I presume this
change is reasonable.
* Fix imports on nxos_interface* modules
* Update nxos_static_route imports
* update nxos_vrf
* Update nxos_config imports
dopy 0.3.7 makes use of six but doesn't list it as a requirement. This
means that people installing with pip won't get six installed, leading
to errors. Upstream released dopy-0.3.7a to address that but pip thinks
that is an alpha release. pip does not install alpha releases by
default so users aren't helped by that.
This change makes ansible emit a good error message in this case.
Fixes#4613
The comment argument can be at most 60 characters per the IOS XR command
line. If a comment is > 60 characters, the module will now gracefully error
and return a well formed message.
fixes 5146
on python3, this means that we don't get bytes back by default. We
probably do want bytes here so modify our call to run_command so we get
bytes instead of text.
* Restart EC2 instances with multiple network interfaces
A previous bug, #3234, caused instances with multiple ENI's to fail when being
started or stopped because sourceDestCheck is a per-interface attribute, but we
use the boto global access to it (which only works when there's a single ENI).
This patch handles a variant of that bug that only surfaced when restarting an
instance, and catches the same type of exception.
* Default termination_protection to None instead of False
AWS defaults the value of termination_protection to False, so we don't
need to explicitly send `False` when the user hasn't specified a
termination protection level. Before this patch, the below pair of tasks
would:
1. Create an instance (enabling termination_protection)
2. Restart that instance (disabling termination_protection)
Now, the default None value would prevent the restart task from
disabling termination_protection.
```
- name: make an EC2 instance
ec2:
vpc_subnet_id: {{ subnet }}
instance_type: t2.micro
termination_protection: yes
exact_count: 1
count_tag:
Name: TestInstance
instance_tags:
Name: TestInstance
group_id: {{ group }}
image: ami-7172b611
wait: yes
- name: restart a protected EC2 instance
ec2:
vpc_subnet_id: {{ subnet }}
state: restarted
instance_tags:
Name: TestInstance
group_id: {{ group }}
image: ami-7172b611
wait: yes
```
The Conditional instance will now raise the AddConditionError and this
change instructs eos_command to catch the error and return a nicely formed
error message
Per #3877, the code to wait for spot instance requests to finish would
hang for the full wait time if any spot request failed for any reason.
This commit introduces status checks for spot requests, so if the
request fails, finishes, or is cancelled the task will fail/succeed
accordingly.
One edge case introduced here is tha if a user terminates the instance
associated with the request manually it won't fail the play, under the
presumption that the user *wants* the instance terminated.
The junos_command module wasn't properly parsing strings to apply
conditionals due to the return value not being converted to json
before the results where handed to the runner.
This change is in response to issue #1497 where the apt module would not properly updating the apt cache in some situations and never returned a state change on cache update when the module was used without or without an item to be installed or upgraded.
The change simply allows the apt module to update the cache when update_cache option is used without or without a set cache_valid_time.
If cache_valid_time is set and the on disk mtime for apt cache is ">" the provided amount of seconds, which now has a default of 0, the apt cache will be updated. Additionally if no upgrade, package, or deb is installed or changed but the apt cache is updated the module will return a changed state which will help users to know that the state of the environment has changed due to a task operation, even if it was only an apt cache update.
fixes#1497
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The junos_config module will generate an exception if a 'delete ...' config
command is attempted to be loaded into a device configuration. This change
will first check to see if the delete command is valid and filter it out
of the change set if it is not valid.
fixes#5040
A value for the project_id parameter to shade's create_network()
call was always being sent, even if no value for 'project' was
supplied. This was breaking folks with older versions of shade
(< 1.6).
Fixes PR https://github.com/ansible/ansible-modules-core/issues/3567
* dict.iteritems does not exist in Python 3
Now just dict.items
six.iteritems handles the change
* Addresses point 1
Unsure if this is a good idea or not.
* Addresses point 2
This shouldn't have any particular change, just marks load_comments as abstract
* Remove unused import
Addresses point 3
* Clarify invalid subset error message
Addresses point 4
The junos_command expects commands to be returned as xml by default but
`show configuration [options]` will return text not xml. This fix
will set the output format for any command that starts with `show
configuration` to text
fixes#4628
The return string from the commands was not being passed through the
jxmlease library and therefore being returned as a string instead of a
json data structure. This also adds back the missing xml key in the
return that includes the raw xml string.
fixes#5001
This fixes a condition where an exception is raised when collecting `interface`
facts and the transport is set to nxapi in the nxos_nxapi module.
fixesansible/ansible#17691
* Fixing bind mount on Linux
* The latest update from jtyr doesn't pass integration tests.
Manually select the changes that are necessary to fix the bug with
unmounting
When setting state=absent the nxos_nxapi module would always try to remove
the configuration regardless of the current state of the device. This will
fix that problem.
This also updates the docstring to correctly reflect https as default=no
fixes#4955
depends on ansible/ansible#17728
Fixes#4063.
Tar does not use this parameter on extraction (-x) or diff (-d)(the
only two cases where it is passed in unarchive). It only uses it on
creation:
https://www.gnu.org/software/tar/manual/html_section/tar_33.html
Providing `unarchive` with a file mode of `0755` (octal) makes it pass
the argument `--mode 493` (493 = 0755 in decimal) to `tar`, which then
fails while verifying it (because it contains an invalid octal char
'9'). Not passing the parameter to tar solves the issue.
* Add support for password aging on Solaris
* Fix shadow file editing when {MIN,MAX,WARN}WEEKS is not set in /etc/default/passwd
* Un-break with python3
* _Really_ un-break with python3
* Pip: handle parsing different pip commands
* Pip: use 'pip list' when available
* Pip: explicitly check which command is used
* Pip: add error checking when fetching packages
* fixed docstring referencing old arguments
* changed out lxml for xml library to avoid import errors
* fixed issue when trying to confirm a commit will end up a NOOP
* fixed issue for passing replace argument to load_config method
* fixes exception thrown when sending commands to device
* fixes exception thrown when retrieving current resource instance
* fixes issue where netconf would be configured in some instances when state
was set to absent
* now returns the command string sent to the remote device
* fixes argument name to be netconf_port with alias to listens_on
Rather than just checking whether a package with the right
name is installed, use `local_nvra` to check whether the
version/release/arch differs too.
Remove `local_name` as it is a shortcut too far.
Fixes#3807Fixes#4529
ansible-doc -vvvv -l show this warning:
[WARNING]: While constructing a mapping from /home/misc/checkout/git/ansible/lib/ansible/modules/core/network/junos/junos_config.py,
line 88, column 5, found a duplicate dict key (required). Using last defined value only.
The eos_eapi module would not configure the port if the protocol wasn't
configured as reported in #4905. This changes the behavior to now allow
the port to be configured independently
fixes#4905
The AWS API requires that any termination policy list that includes
`Default` must end with Default. The attribute sorting caused any list
of attributes to be lexically sorted, so a list like
`["OldestLaunchConfiguration", "Default"]` would be changed to
`["Default", "OldestLaunchConfiguration"]` because default is earlier
alphabetically. This caused calls to fail with BotoServerError per #4069
This commit also adds proper tracebacks to all botoservererror fail_json
calls.
Closes#4069
* added Py2.4 and YAML Documentation fixes
* added no_log for password
* incorporated additional review comments
* remove type for options block
* fix type for pn_multiprotocol
CERN maintains its own fork of "Scientific Linux",
which identifies as "Scientific Linux CERN SLC".
This commit lets Ansible know that this is again
another variant of RHEL.
- Use range instead of xrange.
- Use python3-apt package for python 3.
- Eliminate unsupported for/else/raise usage.
- Use list on dict.items when modifying dict.
- Update requirements documentation.
Also made non-intrustive style fixes (adding blank lines).
Previously calculation of the number of instances that have been
terminated assumed all instances were in the first reservation returned
by AWS. If this is not the case the calculated number of instances
terminated never reaches the number of instances and the module always
times out. By unpacking the instances we get an accurate number and the
module correctly exits.
Currently instances with multiple ENI's can't be started or stopped
because sourceDestCheck is a per-interface attribute, but we use the
boto global access to it (which only works when there's a single ENI).
This patch handles multiple ENI's and applies the sourcedestcheck across
all interfaces the same way.
Fixes#3234
The session keyword is no longer needed or supported in the load_config()
method for eos. This fixes an issue in eos_template where the session
keyword was still being sent.
* remove redundant if submodules_updated
* speed up git by reducing remote commands
* run fetch only once
* run ls-remote less
* don't run ls-remote if one would run fetch anyhow
* remove unnecessary remote_branch check in clone
* kept if depth and version given
* fix fetch on old git versions
The daemonizing code here is taken from an ActiveState recipe, which
includes changing to / as a general best practice. While that is
normally true to allow for deleting the directory that the daemon
process started in, in this case it is not relevant as this is not
intended to be an actual long-running daemon.
Issue ansible/ansible#17466
* Added Solaris support to the mount module.
* Added checking so that if a non-standard fstab file is specified it will
still work in Solaris without breaking existing functionality.
* Added a check to avoid writing duplicate vfstab entries on Solaris
* Added "version_added" to new boot option
This means we will have to unarchive the complete archive if a single change is found.
Unfortunately we cannot fix this for `unzip`, the only hope is a pure-python reimplementation.
This fixes problems reported in the comments of #3810
os.getlogin() returns the user logged in on the controlling terminal. However
'crontab' only looks for the login name of the process' real user id which
pwd.getpwuid(os.getuid())[0] does provide.
While in most cases there is no difference, the former might fail under certain
circumstances (e.g. a lxc container connected by attachment without login),
throwing the error 'OSError: [Errno 25] Inappropriate ioctl for device'.
* 'before' and 'after' are now only applied to 'lines'
* remove update argument
* update doc strings
* add path argument when performing config difference
* removes update argument
* adds `config` option to replace argument
* moves session management into shared module
* cleans up doc strings
* `before` and `after` args now only apply to lines
If you apply `wait=yes` and use `instance_tags` as your filter for
stopping/starting EC2 instances, this stack trace happens:
```
An exception occurred during task execution. The full traceback is: │~
Traceback (most recent call last): │~
File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1540, in <module> │~
main() │~
File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1514, in main │~
(changed, instance_dict_array, new_instance_ids) = startstop_instances(module, ec2, instance_ids, state, instance_tags) │~
File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1343, in startstop_instances │~
if len(matched_instances) < len(instance_ids): │~
TypeError: object of type 'NoneType' has no len() │~
│~
fatal: [localhost -> localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "ec2"}, "module_stderr": "Traceb│~
ack (most recent call last):\n File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1540, in <module>\n main()\n File \"/tmp/│~
ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1514, in main\n (changed, instance_dict_array, new_instance_ids) = startstop_instances│~
(module, ec2, instance_ids, state, instance_tags)\n File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1343, in startstop_insta│~
nces\n if len(matched_instances) < len(instance_ids):\nTypeError: object of type 'NoneType' has no len()\n", "module_stdout": "", "msg": "│~
MODULE FAILURE", "parsed": false}
```
That's because the `instance_ids` variable is None if not supplied
in the task. That means the instances that result from the instance_tags
query aren't going to be included in the wait loop. To fix this, a list
needs to be kept of instances with matching tags and that list needs to
be added to `instance_ids` before the wait loop.
* Ensure unicode characters in zip-compressed filenames work correctly
Another corner-case we are fixing hoping it doesn't break anything else.
This fixes:
- The correct encoding of unicode paths internally (so the filenames we scrape from the output and is returned by zipfile match)
- Disable LANG=C for the unzip command (because it breaks the unicode output, unlike on gtar)
* Fix for python3 and other suggestions from @abadger
Before this, all spot instance requests would fail because the code
_always_ called module.fail_json when the parameter was set (which it
always was, because the module parameter's default was set to 'stop').
As the comment said, this parameter doesn't make sense for spot
instances at all, so the error message was also misleading.
* fixes issue where configuration was not being loaded (#4704)
* fixes issue where defaults were not included when argument was set to True
tested on EOS 4.15.4F
When the configuration is compared and the results deserialized, the
dumps() function returns a string. This cohereces the return to a list
in case before and/or after needs to be applied
fixes 4707
* fixes save argument to be type bool
* now properly sets the changed returned flag based on diff
* updates docstring RETURNS to add backup_path
* removes unneeded state argument
tested on EOS 4.15.4F
Updates the junos_netconf module with changes to load the
NetworkModule instead of the get_module factory method. This
update is part of the 2.2 refactor of network modules
* adds src argument to load configuration from disk
* adds src_format to set the source file format
* adds update argument with choices merge or replace
* deprecates the replace argument in favor of update=replace
This provides support for passing additional positional parameters to async_wrapper.
Additional parameters will be used by the upcoming async support for Windows.
* Python3 fixes to copy, file, and stat so that the connection integration tests can be run
* Forgot to audit the helper functions as well.
* Fix dest to refledt b_dest (found by @mattclay)
* commands argument now accepts a dict arguments
* rpcs argument now accepts a dict argument
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
SELinux since 2012 use a configuration file to
convert boolean names from a old name to a new name,
for preserving backward compatibility.
However, this has to be done explicitely when using the python
bindings, and the module was not doing it.
Openshift ansible script use this construct to detect if
a boolean exist or not:
- name: Check for existence of virt_sandbox_use_nfs seboolean
command: getsebool virt_sandbox_use_nfs
register: virt_sandbox_use_nfs_output
failed_when: false
changed_when: false
- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
seboolean:
name: virt_sandbox_use_nfs
state: yes
persistent: yes
when: virt_sandbox_use_nfs_output.rc == 0
On a system where virt_sandbox_use_nfs do not exist, this work. But
on a system where virt_sandbox_use_nfs is a alias to virt_use_nfs (like
Fedora 24), this fail because the seboolean is not aware of the alias.
On python3, we want to use the surrogateescape error handler if
available for filesystem paths and the like. On python2, have to use
strict in these circumstances. Use the new error strategy for to_text,
to_bytes, and to_native that allows this.
In Ansible 2.x this module gives `changed = True` for all privileges
that are specified including a table with
priv: "database.table:GRANT"
Mysql returns escaped names in the format
`database`.`tables`:GRANT
However in PR #1358, which was intended to support dotted database names
(a crazy idea to begin with), the quotes for the table name were left
out, leading to `curr_priv != new_priv`.
This means that the idempotency comparison between new_priv and
curr_priv is always 'changed'.
This PR re-introduces quoting to the table part of the priv.
dict no longer have a iteritems method, it was replaced
by items. So we need to use six.
Traceback (most recent call last):
File \"/tmp/ansible_hjd7d65c/ansible_module_mysql_user.py\", line 587, in <module>
main()
File \"/tmp/ansible_hjd7d65c/ansible_module_mysql_user.py\", line 571, in main
changed = user_add(cursor, user, host, host_all, password, encrypted, priv, module.check_mode)
File \"/tmp/ansible_hjd7d65c/ansible_module_mysql_user.py\", line 239, in user_add
for db_table, priv in new_priv.iteritems():
AttributeError: 'dict' object has no attribute 'iteritems'
Using something like:
- name: Create ssh keys
user:
name: root
generate_ssh_key: yes
register: key
result into this traceback on F24
Traceback (most recent call last):
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2170, in <module>
main()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2108, in main
(rc, out, err) = user.modify_user()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 660, in modify_user
return self.modify_user_usermod()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 417, in modify_user_usermod
has_append = self._check_usermod_append()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 405, in _check_usermod_append
lines = helpout.split('\\n')
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 374, in <module>
main()
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 263, in main
for line in out.split('\\n'): # systemd can have multiline values delimited with {}
* adds support for default facts subset
* adds support for config facts subset
* maintain legacy facts from ops_facts pre-2.2
Tested on Openswitch 0.4.0
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
Note: this module only supports transport=cli
Tested on OpenSwitch 0.4.0
* commands argument now accepts a dict arguments
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowed when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
Tested on OpenSwitch 0.4.0
* add support for vrf configurations
* add support for configing the qos value for eapi
* add config argument to specify the device running-config
Tested on EOS 4.15.4F
IOS devices only support a single command output which is structured
text. This removes the ability to specify the command output format
when providing complex arguments to the commands
Due to a mixup of the group/role/user and policy names, policies with
the same name as the group/role/user they are attached to would never be
updated after creation. To fix that, we needed two changes to the logic
of policy comparison:
- Compare the new policy name to *all* matching policies, not just the
first in lexicographical order
- Compare the new policy name to the matching ones, not to the IAM
object the policy is attached to
We got an error while switching on existent local branch
because git module can not find branch in function get_branches
if we have color.branch=always in git config.
One of the usual issue is that run_command return bytes,
so we have to adapt the string to either be bytes too,
or convert to string.
This result into that kind of traceback:
Traceback (most recent call last):
File \"/tmp/ansible_ej32yu2w/ansible_module_git.py\", line 1009, in <module>
main()
File \"/tmp/ansible_ej32yu2w/ansible_module_git.py\", line 873, in main
git_version_used = git_version(git_path, module)
File \"/tmp/ansible_ej32yu2w/ansible_module_git.py\", line 788, in git_version
rematch = re.search('git version (.*)$', out)
File \"/usr/lib64/python3.5/re.py\", line 173, in search
return _compile(pattern, flags).search(string)
TypeError: cannot use a string pattern on a bytes-like object
Another issue is filter being a object instead of a list.
* key maps are now frozenset instead of dict objects
* FactsBase now includes utility functions for transforming json data structures
Tested on NXOS 7.3(0)D1(1)
* adds support for std network facts
* adds support for default facts subset
* adds support for config facts subset
* adds support for interface facts subset
* adds support for hardware facts subset
Tested on IOS-XR 6.0.0
* adds support for std network facts
* adds support for default facts subset
* adds support for config facts subset
* adds support for interface facts subset
* adds support for hardware facts subset
* maintains backwards capabilitity with 2.1 facts module
Tested on NXOS 7.3(0)D1(1)
* adds support for std network facts
* adds support for default facts subset
* adds support for config facts subset
* adds support for interface facts subset
* adds support for hardware facts subset
Tested on EOS 4.15.4F
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge, replace or check
* add backup argument to backup current running config to control host
* add comment argument to provide comment to commit
* deprecated force argument, use match=none instead
Lineinfile deals heavily with Unic text files. Makes some sense to deal
with it all as byte strings. So there is a lot of work done here to
show that we're dealing with byte strings throughout.
The ssh_public_keys must be a list otherwise will give the error:
"argument ssh_public_keys is of type <type 'dict'> and we were unable to convert to list"
* Improve the correct handling of gtar and unzip options
Add the option --show-transformed-names when extra_opts is being used
Ignore bogus warnings related to empty filenames
Properly quote _and_ escape filenames for unzip command
Rewrite gtar options and provide run_command with array, not string
This fixes#2480 and #4109.
* Make check-mode work for zip-files
Check-mode was disabled for zip-files since gtar did not support it.
This change enables check-mode support for zip-files, but does skip the task when used with gtar.
(Best of both worlds)
Also remove unused compress_mode variable.
This replaces PR #4401, the changes overlap somewhat so I merged them
* commands argument now accepts a dict arguments
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }.
* arguments for vyos_config for 2.2 are now complete
* adds loading config file from disk (src argument)
* removes unsupported rollback argument
* changes update_config to update with options merge or check
* changes backup_config to backup
* add state argument for state of configuration file
* adds backup argument to backup current configuration
* adds save argument to control if active config is saved to disk
* adds comment argument for setting commit comment
* adds match argument to control configuraiton match
Tested with VyOS 1.7
* Import module_utils at the top
* Fix python3 by marking literals combined with stdout/stderr as byte
literals
* Mark parameters as type=path where appropriate
* FreeBSD do not support --omit-header and --absolute-names
* The option for following symlink wth getfacl is different on FreeBSD
* ZFS on Freebsd use nfsv4 acls, who use a slightly different syntax
* FreeBSD do not have a --test flag, so always return 'True'
* FreeBSD do not have the --omit-headers options, so we have to filter by ourself
* Mark Freebsd as working for the acl module
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }. Command and output are required arguments. Output
accepts valid values text and json.
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge, replace or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or without defaults
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
The CommandRunner will not allow duplicate commands to be added to the
command stack. This fix will now catch the exception and continue if
a duplicate command is attempting to be added to the runner instance.
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }. Command and output are required arguments. Output
accepts valid values text and json.
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or without defaults
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
* merge changes from ios shared module functions into ios_config.
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or withoutdefaults
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }. Command and output are required arguments. Output
accepts valid values text and json.
Importing a (sign only) subkey with apt_key module always fails,
however the actual keyring gets created and contains the correct keys.
Apparently the all_keys function skips the subkeys, hence the problem.
Fixes#4365
* make HEAD parsing more robust
* Fail the module for any splitter errors
* fix combining depth and version on filepath urls by prepending file://
Addresses #907
* Made some changes to determine branch name more reliable (it may contain slashes now).
* Determination of branch name more reliable, as per comment on PR #907
- Removed required_if.
- Fixed doc strings.
- Removed debug output being appended to actions.
- Put import of basics at bottom to be consistent with other docker modules
- Added 'containers' alias to 'connected' param
- Put facts in ansible_facts.ansible_docker_network
* Git: Determine if remote URL is being changed
Ansible reported there were no changes when only the remote URL for a
repo was changed. This properly tracks and reports when the remote URL
for a repo changes.
Fixes#4006
* Fix handling of local repo paths
* Git: Use newer method for fetching remote URL
* Git: use ls-remote to fetch remote URL
Using ls-remote to fetch remote URL is supported in earlier versions
of Git compared to using remote command.
* Maintain previous behavior for older Git versions
Previously whether or not the remote URL changed was not factored
into command's changed status. Git versions prior to 1.7.5 lack the
functionality used for fetching a repo's remote URL so these versions
will update the remote URL without affecting the changed status.
When you try to remote unarchive files with the option copy=no the code always fail, as evidenced in issue #4202. That happens because the conditional to check "if remote_src=no or copy=yes" will always be true since the default value of them is remote_src=no and copy=yes.
My modification is only to change the condition from or to and, that way only if both the vars stay with the default value will be true, otherwise you can unarchive remote files.
* Add diffmode support to git module
This patch adds missing diffmode support to the git module.
* Remodel get_diff() and calls to it
As proposed by @abadger
* Ensure we fetch the required object before performing a diff
Also we handle the return code ourselves, so don't leave this up to run_command().
Now that there is general purpose `Fact` helper to detect if systemd
is active, we would be able to rely on that to apply SystemdStrategy.
Detecting presence of systemd at runtime would be more reliable than
distribution version based heuristics. (e.g., Debian, Ubuntu allows
user to change the default init system, Gentoo allows switching as
well, and so on).
A capital "S" appears when the the setuid or setgid bit are set but have no effect. Likewise, a capital "T" appears when the sticky bit is set but it has no effect.
During check_mode (`--check`), the variable change could be
used uninitialized, yielding this error:
`UnboundLocalError: local variable 'changed' referenced before assignment`
This changeset simply initializes it to False.
* error handling for importing non-existent db
* creating db on import state and suitable message on deleting db
* handling all possible cases when db exists/not-exists
* Check mode fixes for ec2_vpc_net module
Returns VPC object information
Detects state change for VPC, DHCP options, and tags in check mode
* Early exit on VPC creation in check mode
The default VPC egress rules was being left in the egress rules for
purging in check mode. This ensures that the module returns the correct
change state during check mode.
By default, ssh-keygen will pick a suitable default for ssh keys
for all type of keys. By hardocing the number of bits to the
RSA default, we make life harder for people picking Elliptic
Curve keys, so this commit make ssh-keygen use its own default
unless specificed otherwise by the playbook
sysrc(8) does not exit with non-zero status when encountering a
permission error.
By using service(8) `service <name> enabled`, we now check the actual
semantics expressed through calling sysrc(8), i.e. we check if the
service enablement worked from the rc(8) system's perspective.
Note that in case service(8) detects the wrong value is still set,
we still output the sysrc(8) output in the fail_json() call:
the user can derive the exact reason of failure from sysrc(8) output.
AWS security groups are unique by name only by VPC (Restated, the VPC
and group name form a unique key).
When attaching security groups to an ELB, the ec2_elb_lb module would
erroneously find security groups of the same name in other VPCs thus
causing an error stating as such.
To eliminate the error, we check that we are attaching subnets (implying
that we are in a VPC), grab the vpc_id of the 0th subnet, and filtering
the list of security groups on this VPC. In other cases, no such filter
is applied (filters=None).
EC2 Security Group names are unique given a VPC. When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.
The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired. This causes
an error as the security group being acted on, and the security group
referenced in the rule are in two different VPCs.
To prevent this issue, we check to see if vpc_id is defined and if so
check that VPCs match, else we treat the group as new.
While from the documentation[1] one would assume that replacing
CAPABILITY_IAM with CAPABILITY_NAMED_IAM; this as empirically been shown
to not be the case.
1: "If you have IAM resources, you can specify either capability. If you
have IAM resources with custom names, you must specify
CAPABILITY_NAMED_IAM."
http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
Previously, when the attributes of a GCE firewall change, they were ignored. This PR changes that behavior and now updates them.
Note that the "update" also removes attributes that are not specified.
An overview of the firewall rule behavior is as follows:
1. firewall name in GCP, state=absent in PLAYBOOK: Delete from GCP
2. firewall name in PLAYBOOK, not in GCP: Add to GCP.
3. firewall name in GCP, name not in PLAYBOOK: No change.
4. firewall names exist in both GCP and PLAYBOOK, attributes differ: Update GCP to match attributes from PLAYBOOK.
Current module fails when tries to assign floating-ips to server that
already have them and either fails or reports "changed=True" when no
ip was added
Removing floating-ip doesn't require address
Server name/id is enough to remove a floating ip.
This parameter was actually added in 2.0. It's just that the
documentation in previous versions of the module were wrong (it said the
name was "network" rather than "name.) I've renamed the parameter in
the documentation of prior versions so ansible-module-validate should no
longer think that this is a new parameter.
The module would raise a KeyError trying to find the save_config key
which is not present in the argument_spec. This was caused by the
check_args() function. Since the ios shared argument spec isn't used
the check_args function is not needed and has been removed.
This removes the get_module() factory function and directly creates
an instance of NetworkModule. This commit includes some minor clean
up to transition to the ios shared module for 2.2
The shade update_router() call will return None if the router is
not actually updated. This will cause the module to fail if we
do not protect against that.
* using check mode will now block all commands except show commands
* module will no longer allow config mode commands
* check args for unused values and issue warning
This refactors the ios_config module to use the network module added
in 2.2 to simplify common network functions
new features
* add src, dest arguments for working with config
* results now return flag if the config was saved or not
* adds append argument for updating the dest file (when dest is used)
The os_server module could automatically generate a floating IP for
the user with auto_ip=true, but we didn't allow for this FIP to be
automatically deleted when deleting the instance, which is a bug.
Add a new option called delete_fip that enables this.
* Revert PR #3575 since it causes problems related to exclude patterns
By using a different method for getting archive filelists, and extracting we introduced new problems related to excluding based on gtar patterns.
As a result files that would be excluded by gtar, would still be in the filelist. Implementing our own gtar compatible pattern exclusion mechanism is near to impossible (believe me, we looked at it...). The best way is to look at the original problem and deal with that, and ensure that extraction and filelists are done with the exact same tool and exact same options.
The solution is to decode the octal unicode representation in gtar's output back to unicode. Since gtar has no problem extracting these files in LANG=C, we simply has to compensate for it.
This reverts #3575 and fixes#11348.
* Implement codecs.escape_decode() instead of decode("string_escape") for python3
* remove unused variables
* fetch branch name instead of HEAD
fix#3782, which was introduced by f1bacc1d3f9578f26d4ae2f66112cbb2509a7fe8
* disable git depth option for old git versions
fixes#3782
git support for `--depth` did not fully work in old git versions (before 1.8.2)
fall back to full clones/fetches on those versions
* raise required git version to 1.9.1 for depth option
* use correct depth argument in switch_version
* service module: use sysrc on FreeBSD
sysrc(8) is the designated userland program to edit rc files on FreeBSD.
It first appeared in FreeBSD 9.2, hence is available on all supported
versions of FreeBSD.
Side effect: fixes#2664
* Incorporate changes suggested by bcoca.
- Use `get_bin_path` to find sysrc binary.
- Only use sysrc when available (support for legacy versions of FreeBSD)
Without this, ansible 2.1 will convert some arguments that are
meant to be dict or list type to their str representation.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Change the file mode arg to 'raw' ala file args
Following the file_common_args model, change the
type of the 'mode' arg here to type='raw' with no
default arg value.
The default mode for file creation is the module
constant DEFAULT_SOURCES_PER, and is used if no
mode os specified.
A default mode of 0644 (and not specified as int or str)
would get converted to an octal 420, resulting in the
sources file being created with mode '0420' instead of '0644'
Fixes#16370
The `source_dest_check` and `termination_protection` variables are being
assigned twice in ec2.py, likely due to an incorrect merge somewhere
along the line.
* A few more sanity checks for detecting unzip output that's not a file entry
Also note that there's a rounding error somewhere in the mtime
comparison code.
* Fix reference to sub-array
Because the async_status module will read from the same file that
the async_wrapper module is writing, it's possible that the file
may not be fully synced during a read, causing spurious failures.
Use a temp file to do an atomic operation on the file. We can't
use atomic_move() here as that doesn't work properly under async.
Also, let's not read concurrently from the same file the subprocess
is writing to. Instead, capture stdout/stderr via PIPE and write to
the file to avoid nasty races.
* This adds support the CommandRunner to handle executing commands on
the remote device.
* It also changes the waitfor argument to wait_for to remain compatable
with other modules and adds an alias for waitfor.
* Restricts commands to show commands only when check mode is specified.
* add version_added to wait_for doc string
The IAM group modules were not receiving the `module` object, but they
use `module.fail_json()` in their exception handlers. This patch passes
through the module object so the real errors from boto are exposed,
rather than errors about "NoneType has no method `fail_json`".
$source check causes:
FAILED! => {"changed": false, "failed": true, "msg": "A parameter cannot be found that matches parameter name 'Source'."}
$Params.Remove causes:
FAILED! => {"changed": false, "failed": true, "msg": "Method invocation failed because [System.Management.Automation.PSCustomObject] does not contain a method named 'Remove'."}
* Change documented options for os_networks_facts
os_network_facts currently lists 'network' as an available option, taking the Name or ID. In Ansible 2.0.2 to 2.2.0, this is not valid. Options 'name' and 'id' should be used instead.
* Update os_networks_facts.py
* Update os_networks_facts.py
Set version_added to the only accepted value
* Update os_networks_facts.py
Removed inappropriate 'ID' parameter
When `version` is not specified, it defaults to "HEAD". "HEAD" is not a
remote tag, and it's not listed in the output of get_branches(), so we'd
keep repo_updated at the default value (None) and then return early with
changed=True in --check mode, even when before == after.
Fixes#3024.
Ceph Object Gateway (Ceph RGW) is an object storage interface built on top of
librados to provide applications with a RESTful gateway to Ceph Storage
Clusters:
http://docs.ceph.com/docs/master/radosgw/
This patch adds the required bits to use the RGW S3 RESTful API properly.
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Prior to Python 2.5, SystemExit was a subclass of Exception.
In Py2.4, this is causing extra error output on valid sys.exit(0).
(Toshio) Call sys.exit from inside of the SystemExit exception handler so py2.4 and py2.5+ behaviour matches
* Fixing compile time errors irt a) exception handling for Python 3 in util, also: b) problem octal usage (fixed) and c) print json_dump -> print(json_dump(xyz) ... et al
* This code was not Python 2.4 compliant. Octal codes and exception handling is now working with Py 2.4, 2.6, & 3.5.
* Fixing formating (or rather reverting an non 2.4 compatible change). Works in compile & runtime checking.
* a) revert to use print sys.stderr not fail_json; b) fixed var name in exception
* Python 3 compatible print (print >>sys.stderr will generate a TypeError - now uses sys.stderr.write instead).
The "Developing Modules" documentation states:
Include a minimum of dependencies if possible. If there are
dependencies, document them at the top of the module file, and have
the module raise JSON error messages when the import fails.
When docker_service runs on a remote host without PyYAML it crashes with
ImportError.
This patch raises a JSON error message when import fails, but only if
the PyYAML module is actually used. It's only needed when the
"definition" parameter is given.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
The example for delete=yes does not specify recursive although it is
required. In addition, the wording for the delete option is confusing
about from where files are really deleted. This should clarify that.
* Update GitHub templates to reflect ansible/ansible
Update the GitHub templates to what is used for some time on ansible/ansible
For more information, see ansible/ansible#15961
* Small improvement from ansible/ansible
* Improve the unzip output scraping
Ensure we capture the complete file (also when it includes spaces).
Drop lines that do not conform (in length) to what we expect (e.g. header/footer).
This fixes#3813
* Fix how split() works
* remove unused variables
* fetch branch name instead of HEAD
fix#3782, which was introduced by f1bacc1d3f9578f26d4ae2f66112cbb2509a7fe8
* disable git depth option for old git versions
fixes#3782
git support for `--depth` did not fully work in old git versions (before 1.8.2)
fall back to full clones/fetches on those versions
Reading the entire tar file into memory can result in out-of-memory
conditions such as this traceback:
Traceback (most recent call last):
File "/tmp/ansible_YELTSu/ansible_module_docker_image.py", line 486, in load_image
self.client.load_image(image_data)
File "/usr/local/lib/python2.7/dist-packages/docker/api/image.py", line 147, in load_image
res = self._post(self._url("/images/load"), data=data)
...
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 848, in _send_output
msg += message_body
MemoryError
Luckily docker-py's load_image(), which calls requests post(), accepts a
file-like object instead of a string. Pass in the file object to avoid
reading the full file into memory. This allows larger tar files to load
succesfully.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilites` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilites` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
The default pagination is every 100 items with a maximum of 1000 from
Amazon. This properly uses the marker returned by Amazon to concatenate
the various pages from the results.
This fixes#2440.
* Fixing error exception handling for python. Does not need to be compatible with Python2.4 b/c boto is Python 2.6 and above.
* Fixing error exception handling for python. Does not need to be compatible with Python2.4 b/c boto is Python 2.6 and above.
* Fixing compile time errors IRT error exception handling for Python 3.5.
This does not need to be compatible with Python2.4 b/c Boto is Python 2.6 and above.
Fix KeyError: 'prepared' while installing dependencies using deb=<file>.deb
This error shows up when --diff was not passed by and the deb files has dependencies not yet installed.
Closes#3752.
Currently, when writing user's crontab, ansible calls
crontab <file> -u <user>
This is incorrect according to crontab(1) on both FreeBSD and Linux,
which suggest that file argument should be the last.
At least on FreeBSD, this leads to incorrect cron module bahavior which
writes to root's crontab instead of users's
Fallback to unzip if zipfile fails and hope that unzip can deal with it
(sites have an easier time upgrading the unzip utility than all of
python).
https://bugs.python.org/issue3997Fixes#3560
packaging/language/pip.py:
virtualenv option:
Mention that virtualenv is created if it does not exist.
(Explicit is better than implicit.)
Mention other relevant options.
notes:
initialized -> created
Wrap long lines.
This is to address this error:
fatal: [site]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to connect to S3: Region does not seem to be available for awsmodule boto.s3. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path"}
Commit 0dd58e9 changed the logic so an exception is thrown (by
`connect_to_aws`) before the `s3 is None` check is performed. This
changes the `None` check to a catch so the old logic can compensate.
This fix passing the update variable to the str()
so that it avoids the exception when ops.dc.read()
returns a dictionary which contains non-string keys.
This is due to the fact that some of the key types in
OpenSwitch schema are actually defined as integer
and ops.dc declerative config module encode those
in integer inside the dictionary. This could be
the right encoding from the schema point of view
but someone needs to convert it to the string
somewhere, as JSON key should be string.