* Add tls parameter to redis module
* Rename changelog fragment to match PR
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Port redis module to redis auth module util
* Update changelogs/fragments/4207-add-redis-tls-support.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/database/misc/redis.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Undo reuse of redis auth doc fragment
* Use doc fragment.
Co-authored-by: Julian Faude <julian.faude@zweiacht.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* npm - add '--production` support to 'npm ci' flag
* add changelog fragement for 4299
* Add backticks
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* pacman: add support for remove_nosave
New parameter: remove_nosave
When enabled, will pass --nosave to pacman when removing packages.
--nosave cannot be used with --print-format and thus it couldn't be
passed via extra_args. See #4315
The code adds the option right before the actual removal of the pkgs.
(This is based on an initial diff from MorphBonehunter)
* changelog
* Update plugins/modules/packaging/os/pacman.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* wording
* ssss
* remove_package: simplify {force,extra,nosave}_args
Co-authored-by: Felix Fontein <felix@fontein.de>
* pacman: don't always return changed w/ update_cache
This used to be the behavior before the recent refactoring. [1]
Allows the following to return changed only when packages were upgraded:
- pacman:
update_cache: yes
upgrade: yes
And the following to return changed only when the foo package wasn't at
the latest version:
- pacman:
name: foo
state: latest
update_cache: yes
[1] https://github.com/ansible-collections/community.general/pull/3907
* Update changelogs/fragments/4318-pacman-restore-old-changed-behavior.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove nmcli modify dependency on type parameter
* Add fragment
* Add newline for lint
* Fixed linting for tests
* Fix fragment
* Move aliases to ip_conn_type function
* Remove connection_map
* Updated fragment
* Fixed fragment
Co-authored-by: Trey West <--local>
* s/group/groups/
Pacman accepts --group but the actual option name is --groups.
Allows use of other binaries with the same CLI interface as pacman (yay)
* changelog
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add note regarding pacman compat + --print-format
* Update plugins/modules/packaging/os/pacman.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix error when checking if VM exists.
* Add changelog entry.
* Reword changelog entry.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* pacman: re-adding support for URL based pkgs
* Update plugins/modules/packaging/os/pacman.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/packaging/os/pacman.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* cmd=cmd in every call to self.fail()
* pacman: integration test for mixed pkg sources
* Add more tests + fix minor bug with URL packages
Version checking for URL packages is left to pacman, so add a check
after the dry run to see if it would actually install anything.
* remove double templating
Co-authored-by: Felix Fontein <felix@fontein.de>
* zypper: support automatic removal of orphaned dependencies
* zypper: support automatic removal of orphaned dependencies
- Add support for --clean-deps option during package removal, which
will clean up packages that were only installed as dependencies
of the package being removed.
* Update changelogs/fragments/4192-zypper-add-clean-deps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/packaging/os/zypper.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/packaging/os/zypper.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix sparse file creation on Alpine linux
* re-enable tests for Alpine
* remove `conv=sparse` flag (rely only on `seek=fullsize` & `count=0`)
* doc: add a reference to busybox's dd
* doc: remove restrictions for OpenBSD, Solaris & AIX (should work as
for Alpine linux now)
* add a changelog fragment
* fix typo
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak: fix creating a user federation w/ idempotent id
Creating a user federation while specifying an id (that doesn't exist
yet) will fail with a 404. This commits fix this behavior.
* keycloak: fix user federation mapper duplication
This commit fixes a bug where mappers are duplicated instead of
configured when creating a user federation.
When creating a user federation, some mappers are autogenerated by
keycloak. This commit lets the keycloak_user_federation module recompute
mappers final values after the user federation is created so that the
module can try to merge them by their name.
* add missing fragment for pr #4212
* passwordstore: Add configurable locking
Passwordstore cannot be accessed safely in parallel, which causes
various issues:
- When accessing the same path, multiple different secrets are
returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
dialogs will be spawned by gpg-agent sequentially, having to enter
the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
is not reliable, causing plays to fail (this can be fixed by adding
`auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).
These problems have been described in various github issues in the past,
e.g., ansible/ansible#23816 and ansible/ansible#27277.
This cannot be worked around in playbooks by users in a non-error-prone
way.
It is addressed by adding new configuration options:
- lock:
- readwrite: Lock all operations
- write: Only lock write operations (default)
- none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
(defaults to 15m)
These options can also be set in ansible.cfg, e.g.:
[passwordstore_lookup]
lock=readwrite
locktimeout=30s
Also, add a note about modifying gpg-agent.conf.
* Tidy up locking config
There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.
* Change timeout description wording to the suggested value.
* Rearrange plugin setup, apply PR feedback
As an input the module receives names of packages to lock.
Those never matched existing entries and therefore always reported
changes.
For compatibility yum is symlinked to dnf on newer systems,
but versionlock entries defer. Try to parse both formats.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Rework of gitlab_project_variable over gitlab_group_variable
* Linting and removed unused example
* Fix test 2
* Sync from review of gitlab_project_variable #4038
* Linting, default protected True, value optional
* Next version is 4.5.0
* Roll back protected default true, and value not required
* Apply suggestions from code review
Missing check_mode
Co-authored-by: Markus Bergholz <git@osuv.de>
* Fix one unit test, comment test that requires premium gitlab
* Add changelog
* Update plugins/modules/source_control/gitlab/gitlab_group_variable.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/4086-rework_of_gitlab_proyect_variable_over_gitlab_group_variable.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added conditional gitlab_premium_tests variable when required
* Allow delete without value
* Fix variable name
* Linting
* Value should not be required in doc
* Linting missing new-line
* Update changelogs/fragments/4086-rework_of_gitlab_proyect_variable_over_gitlab_group_variable.yml
Co-authored-by: Markus Bergholz <git@osuv.de>
Co-authored-by: Markus Bergholz <git@osuv.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
The passwordstore lookup plugin depends on parsing GnuPG's
error messages in English language. As a result, detection of
a specific error failes when users set a different locale.
This change corrects this by setting the `LANGUAGE` environment
variable to `C` when invoking `pass`, as this only affects
gettext translations.
See
https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.
This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.
Fixesansible-collections/community.general#4185
* Included efidisk0 option to be able to create VMs with persitent EFI disks
* Added forgotten argument to create_vm invocation and missing test for update
* Added changelog fragment relevant to PR
* Fixed documentation issues (missing period, and added version) from review
* Removed breaking change dependency for new option, modified changelog fragment according to review
* Fixed typo in documentation
* Added examples of `efidisk0` usage
* Added examples of `efidisk0` usage
* Fixed lines containing blank spaces
* Rebased on 4.4.0, added efi option, added sanity checks on efi option
* Adjusted version_added to 4.5.0
* Corrected typo in create_vm invocation, adjusted merging of efi and efidisk0 options
* Updated efidosk0 option to dict, added flattening to str, added constraint on bios option if efidisk0 is set
* Replaced loop by list comprehension for efidisk0 flattening
* Removed unused code left over from refactor from efi/efidis0 options
* Updated keycloak.py to allow defining connection timeout value (#4168) (#2)
* Added parameter to doc_fragments and edited the changelog message (#4168)
* Added parameter to doc_fragments and edited the changelog message (#4168)
* opentelemetry: enrich services for jenkins, hetzner, jira, zypper, chocolatey
* remove source and name for the time being
Those arguments can be later on in the future added, maybe with some opt-in feature, so let's only focus in the ones which are fully http based for now
* changelog fragment
* Update changelogs/fragments/4105-opentelemetry_plugin-enrich_jira_hetzner_jenkins_services.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* dconf: Skip processes that disappeared while we inspected them
Fixes#4151
* Update changelogs/fragments/4151-dconf-catch-psutil-nosuchprocess.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* pacman: rewrite with a cache to speed up execution
- Use a cache (or inventory) to speed up lookups of:
- installed packages and groups
- available packages and groups
- upgradable packages
- Call pacman with the list of pkgs instead of one call per package (for
installations, upgrades and removals)
- Use pacman [--sync|--upgrade] --print-format [...] to gather list of
changes. Parsing that instead of the regular output of pacman, which
is error prone and can be changed by user configuration.
This can introduce a TOCTOU problem but unless something else calls
pacman between the invocations, it shouldn't be a concern.
- Given the above, "check mode" code is within the function that would
carry out the actual operation. This should make it harder for the
check code and the "real code" to diverge.
- Support for specifying alternate package name formats is a bit more
robust. pacman is used to extract the name of the package when the
specified package is a file or a URL.
The "<repo>/<pkgname>" format is also supported.
For "state: latest" with a list of ~35 pkgs, this module is about 5
times faster than the original.
* Let fail() actually work
* all unhappy paths now end up calling fail()
* Update copyright
* Argument changes
update_cache_extra_args handled as a list like the others
moved the module setup to its own function for easier testing
update and upgrade have no defaults (None) to let required_one_of() do
its job properly
* update_cache exit path
Shift successful exit without name or upgrade under "update_cache".
It is an error if name or upgrade isn't specified and update_cache wasn't specified
either. (Caught by ansiblemodule required_one_of but still)
* Add pkgs to output on success only
Also align both format, only pkg name for now
* Multiple fixes
Move VersionTuple to top level for import from tests
Add removed pkgs to the exit json when removing packages
fixup list of upgraded pkgs reported on upgrades (was tuple of list for
no reason)
use list idiom for upgrades, like the rest
drop unused expand_package_groups function
skip empty lines when building inventory
* pacman: add tests
* python 2.x compat + pep8
* python 2.x some more
* Fix failure when pacman emits warnings
Add tests covering that failure case
* typo
* Whitespace
black failed me...
* Adjust documentation to fit implicit defaults
* fix test failures on older pythons
* remove file not intended for commit
* Test exception str with e.match
* Build inventory after cache update + adjust tests
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/packaging/os/pacman.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* changelog
* bump copyright year and add my name to authors
* Update changelogs/fragments/3907-pacman-speedup.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* maintainer entry
Co-authored-by: Felix Fontein <felix@fontein.de>
* value is not required when state is absent
* fix integration test. missing value
* fix condition
* add changelog fragment
* fail fast
* try required_if on suboptions
* revert
* Update plugins/modules/source_control/gitlab/gitlab_project_variable.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix naming in doc
* typo in name
Co-authored-by: Felix Fontein <felix@fontein.de>
* homebrew_cask: reinstall when force is install option
* add changelog entry
* Fix OSX CI runs - run as non-root
* test with cask that has no macos dependencies
* use `brooklyn` cask to test
* Fully use Ansible's option handling. Deprecate not specifying sender.
* Update plugins/callback/mail.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Added new feature for ansible_user and ansible_port
* Replaced 'try' and 'except' with 'if' condition
* Replace '!=' with 'is not'
* Fixed if condition
* Implement the constructed interface
* Correction at the suggestion of felixfontein
* Added new options in unit test for icinga2 inventory
* Added blank lines in unit test for icinga2 inventory
* Added default filter in example
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fixed variable name in example
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added a changelog fragment
* Fixed changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Updated documentation options
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* add profile parameter for scaleway inventory
* Update doc from review and add changelog
* Update changelogs from review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix local port regex
Thsi PR fix the bug reported in #4091
* Update changelogs/fragments/4092-fix_local_ports_regex_listen_ports_facts.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
When using project it will use project level runner to create runner that based on python-gitlab it will be used for enabling runner and needs a runner_id so for creating a new runner it should use gitlab level runner
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* [inventory/cobbler] Add exclude/include_profile option
Also some minor cleanup
* Review suggestions
* Still must init cache_key
* Add note to exclude_profiles about include_profiles
* Add changelog fragment
* linode: Allow templating token for dynamic inventory
Template the value for the access_token if it's a Jinja template.
Allows for looking up tokens from files or pulling from secrets stores like Vault.
* add Linode changelog fragment
* Fix lookup example for newer versions of Ansible
Co-authored-by: Felix Fontein <felix@fontein.de>
* Rename test case for clarity
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* bugfix: don't overwrite results in 'mismatched'
Whichever mismatched package is evaluated last is the value stored in the
'mismatched' key. Instead, it should have a subdict for each pkg that is mismatched
to keep in line with its documented usage.
* Update changelogs/fragments/4078-python_requirements_info.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>