* Separate 'state', 'policy' and 'rule' commands
* Support for 'logging' command
* Support for 'direction' and 'interface' attributes
* Reliable change notifications based on 'ufw status verbose' diff
* Update documentation
* Cleanup
* Updated documentation related to IPv6 usage.
BugFixes:
* Solved the default_policy and state mutual exclusive status.
* Fixed changed status for IPv6 addresses.
Added @otnateos patch.
Without the -a option, rpm command will fail (exit code 1) and execute_command() will fail causing an initial key import to not work.
[root@test ~]# rpm -q gpg-pubkey
package gpg-pubkey is not installed
[root@test ~]# echo $?
1
[root@test ~]# rpm -qa gpg-pubkey
[root@test ~]# echo $?
0
Allow security tokens and profiles to be used as arguments
to the 'common' ec2 modules
Mostly refactoring to provide two new methods,
`get_aws_connection_info`, which results in a dict that can be
passed through to the boto `connect_to_region` calls, and
`connect_to_aws` that can pass that dict through to the
`connect_to_region` method of the appropriate module.
Tidied up some variable names
Works around boto/boto#2100
profiles don't work with boto < 2.24, but this detects for that
and fails with an appropriate message. It is designed to work
if profile is not passed but boto < 2.24 is installed.
Modifications to allow empty aws auth variables to be passed
(this is useful if wanting to have the keys as an optional
parameter in ec2 calls - if set, use this value, if not set,
use boto config or env variables)
Reworked validate_certs improvements to work with refactoring
Added documentation for profile and security_token to affected modules
This can happen if the server has a NICKLEN setting which is less
than the length of the specified nick. With this patch we now grab
that nick and use it moving forward, instead of failing because we
didn't get back the one we specified, in the connection response.
In order to simplify the workflow with the GCE modules, it's now
possible to add the parameters and project name as arguments to the
various GCE modules.
The inventory plugin also returns the IP of the host in
`ansible_ssh_host` so that you don't have to specify IPs into the
inventory file.
Some update to the documentation are also added.
Closes#5583.
failed: [127.0.0.1] => {"failed": true, "parsed": false}
invalid output was: Traceback (most recent call last):
File "/tmp/ansible-tmp-1393950384.39-102240090845592/nova_compute", line 1328, in <module>
main()
File "/tmp/ansible-tmp-1393950384.39-102240090845592/nova_compute", line 241, in main
except exc.Unauthorized, e:
NameError: global name 'exc' is not defined
When there is an Openstack instance that has a name that's a partial match
for module.params['name'], but a server with name module.params['name']
doesn't yet exist, this module would fail with a list index out of bounds
error. This fixes that by filtering by exact name and only then getting the
server from the list if the list is still not empty.
The newest version of OpenSSH supports a new, wonderful key type. authorized_key incorrectly discards pubkeys of this type as busted because it doesn't recognize type signature.
If no group was specified, but a group by the same name as the user
exists, an error was raised in the situation where USERGROUPS_ENAB is
enabled in /etc/login.defs (which is the case for almost every major
linux distro). In this case, the user will be put in group 100 (which
is usually the "users" group on those same distros). This is currently
only done in the base class, as the issue may not exist on other
platforms like AIX or the BSDs.
Fixes#6210
Closes GH-6194.
These changes pass attribute modifications through to new directories during a recursive copy with an addition allowing for the directory mode to be set independantly.
From the documentation it is not immediately clear that the 'target'
option refers to a location on the remote host. This change emphasizes that.
In addition to .sql files, .bz2 and .gz files are supported for dumps and
restores. This is now documented.
Sometimes, `blkid` will incorrectly return no information about a block
device, even if it exists and has a valid filesystem. This causes the
*filesystem* module to fail if *force=no*. Instructing `blkid` to use
`/dev/null` as a cache file will force it to rescan the block device on
each run, making results more consistent.
Signed-off-by: Dustin C. Hatch <admiralnemo@gmail.com>
This addresses GH-5165 and adds the ability to check if a lvol exists.
The tests for this don't fit nicely into the current integration tests so they are below.
```
---
- name: remove any existing lv=one of vg=main
lvol: lv=one vg=main state=absent
- name: remove any existing lv=two of vg=main
lvol: lv=two vg=main state=absent
- name: check to see if lv=one of vg=main exists
lvol: lv=one vg=main state=present
ignore_errors: true
register: lvol_result0
- name: Assert that we will get a "No size given."
assert:
that:
- "'No size given.' in lvol_result0.msg"
- name: create lv=one of vg=main sized 30g
lvol: lv=one size=30g vg=main state=present
register: lvol_result1
- name: Assert that we made changes."
assert:
that:
- "lvol_result1.changed == True"
- name: check to see if lv=one of vg=main exists
lvol: lv=one vg=main state=present
register: lvol_result2
- name: Assert that we did not make changes."
assert:
that:
- "lvol_result2.changed == False"
- name: remove lv=one of vg=main
lvol: lv=one vg=main state=absent
- name: create lv=two of vg=main sized 30G
lvol: lv=two size=30G vg=main state=present
register: lvol_result3
- name: Assert that we made changes."
assert:
that:
- "lvol_result3.changed == True"
- name: reduce lv=two of vg=main to 15G
lvol: lv=two size=15G vg=main state=present
register: lvol_result4
- name: Assert that we made changes."
assert:
that:
- "lvol_result4.changed == True"
- name: increase lv=two of vg=main to 30G
lvol: lv=two size=30G vg=main state=present
register: lvol_result5
- name: Assert that we made changes."
assert:
that:
- "lvol_result5.changed == True"
- name: create lv=two of vg=main sized 30G when already exists at 30G
lvol: lv=two size=30g vg=main state=present
register: lvol_result6
- name: Assert that we did not make changes."
assert:
that:
- "lvol_result6.changed == False"
- name: remove lv=two of vg=main
lvol: lv=two vg=main state=absent
```
Bugfixes:
* the remote_src param was not being converted to a boolean correctly,
resulting in it never being used by the module as the default behavior
was remote_src=True (issue #5581)
* the remote_src param was not listed in the generic file params, leading
to a failure when the above bug regarding remote_src was fixed
* the delimiter should always end with a newline to ensure that the file
fragments do not run together on one line
Fixes#5581
PyPI moved to a CDN on 2013-05-26, so mirrors are now largely
unnecessary and pip removed the functionality in 1.5. More importantly
(and why I wrote this request): on 2014-02-15 the mirror directory was
taken offline, so mirrors may not work anymore even for pip versions
that support them.
When disabled, the boto connection will be instantiated without validating
the SSL certificate from the target endpoint. This allows the modules to connect
to Eucalyptus instances running with self-signed certs without errors.
Fixes#3978
The SET GLOBAL statement requires properly quoting of values. For example, the
following correct queries will fail if quotes are toggled:
mysql> SET GLOBAL innodb_lru_scan_depth = 2000;
mysql> SET GLOBAL master_info_repository = "TABLE";
`mysql_variable` module doesn't quote the value argument, therefore
string values will fail.
# this task will pass, 2000 is passed without quotes
- name: set a numeric value
mysql_variable: variable=innodb_lru_scan_depth value=2000
# this task will fail, TABLE is passed without quotes
- name: set a string value
mysql_variable: variable=master_info_repository value=TABLE
With this patch prepared statements are used. Proper quoting will be
done automatically based on the type of the variables thus an attempt
to convert to int, then to float is done in first place.
Booleans values, ie: ON, OFF, are not specially handled because they
can be quoted. For example, the following queries are correct and
equivalent, they all set _innodb_file_per_table_ to logical _True_:
mysql> SET GLOBAL innodb_file_per_table = "ON";
mysql> SET GLOBAL innodb_file_per_table = ON;
mysql> SET GLOBAL innodb_file_per_table = 1;
Tested in mysql 5.5 and 5.6.
There is a bit going on with the changes here. Most of the changes are cleanup of files so that they line up with the standard files.
PR #5136 was merged into the current devel and brought up to working order. A few bug fixes had to be done to get the code to test correctly. Thanks out to @pib!
Issue #5431 was not able to be confirmed as it behaved as expected with a sudo user.
Tests were added via a playbook with archive files to verify functionality.
All tests fire clean including custom playbooks across multiple linux and solaris systems.
For some tasks, I need to drop the username/api_key into configuration
files. Rather than rely on how I'm calling the rax modules. It seemed
more appropriate to authenticate against Rackspace and return the wealth
of information contained in the pyrax identity payload with other
modules/templates.
- removed previous 'typification' of input as it needs it is typed by
module as strings and needs to be output as strings, making it
useless.
- now checks for vtype and value against None when question is specified
- simplified set_selections as vtype and value should have a string
value going in.
- added example of querying questions for a package
- added module requirement of question,vtype and value being required
together.
- field names are more consistent with debconf
- values are now 'booleanized' or accepted as list/set objects when
pertinent
- updated docs to reflect all of the above and debconf cli tools
required
There is a subtle bug in how the git module currently works. If the
version you request is a tag name, and you've already got the repo
cloned, and the tag name is a new tag, but refers to the already checked
out working copy, the git module would exit early without change. This
is bad as it means the new tag ref was not fetched and could not be used
in later tasks.
This change will check if the version is a remote tag, and if the tag
doesn't exist locally. If that is true, it'll do a fetch.
The activity could still be seen as not a change, because the working
copy won't be updated, if the new tag refers to the already checked out
copy, but that's not different than before and can be fixed as a more
comprehensive overhaul of tracking change in the git module.
A fix for uri module regarding following redirects. The old behavior would follow redirects either way. This change clarifies the functionality and makes it a bit more explicit. Comparing the old behavior to the new 'yes' == 'all', 'no' == 'safe' and now 'no' will not follow any redirects. Historic behavior is still supported and documented with a push to the new values.
Refactor the currently well-factored ec2 modules (i.e. those that already use ec2_connect) to
have a common argument spec. The idea is that new modules can use this spec without duplication
of code, and that new functionality can be added to the ec2 connection code (e.g. security
token argument)
This is accomplished by not setting the If-Modified-Since header,
and setting "cache-control: no-cache" instead. Note that if the
file content has not changed, the module will still report that
changed=false, as the md5's of the tmp file and existing file are
compared before swapping
Fixes#5104