* enable batch mode (configurable with a config option, on by default)
for sftp transfers, so we can catch errors more easily
* general cleanup in the local connection plugin and fetch action plugin
Fixes#11612
This PR adds the option to retry failed ssh executions, if the failure
is caused by ssh itself, not the remote command. This can be helpful if
there are transient network issues. Retries are only implemented in the
openssh connection plugin and are disabled by default. Retries are
enabled by setting ssh_connection > retries to an integer greater
than 0.
Running a long series of playbooks, or a short playbook against a large
cluster may result in transient ssh failures, some examples logged
[here](https://trello.com/c/1yh6csEQ/13-ssh-errors).
Ansible should be able to retry an ssh connection in order to survive
transient failures.
Ansible marks a host as failed the first time it fails to contact it.
The --force-handlers command line argument was not correctly running
handlers on hosts which had tasks that later failed. This corrects that,
and also allows you to specify force_handlers in ansible.cfg or in a
play.
- become constants inherit existing sudo/su ones
- become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group
- changed method signatures as privlege escalation is collapsed to become
- added tests for su and become, diabled su for lack of support in local.py
- updated playbook,play and task objects to become
- added become to runner
- added whoami test for become/sudo/su
- added home override dir for plugins
- removed useless method from ask pass
- forced become pass to always be string also uses to_bytes
- fixed fakerunner for tests
- corrected reference in synchronize action plugin
- added pfexec (needs testing)
- removed unused sudo/su in runner init
- removed deprecated info
- updated pe tests to allow to run under sudo and not need root
- normalized become options into a funciton to avoid duplication and inconsistencies
- pushed suppored list to connection classs property
- updated all connection plugins to latest 'become' pe
- includes fixes from feedback (including typos)
- added draft docs
- stub of become_exe, leaving for future v2 fixes
Adds new settings for managing retry files:
* retry_files_enabled, defaults to True
* retry_files_save_path, defaults to ~/.ansible-retry
This change was adapted from PR #5515.
Generate warnings when users are shelling out to commands
rather than using modules
Can be turned off on a per-action line with the documented
warn=False flag. Can be turned off globally using
command_warnings = False in ansible config file.
Print out warnings using the standard playbook callbacks.
Created some additional tests in TestRunner.test_command
and also a demonstration playbook.
* Added capability to support multiple keys, so clients from different
machines can connect to a single daemon instance
* Any activity on the daemon will cause the timeout to extend, so that the
daemon must be idle for the full number of minutes before it will auto-
shutdown
* Various other small fixes to remove some redundancy
Fixes#5171
* Adds another module utility file which generalizes the
access of urls via the urllib* libraries.
* Adds a new spec generator for common arguments.
* Makes the user-agent string configurable.
Fixes#6211
The ansible remote port should be None, not 22. Having a default value
of 22 means that '-o Port 22' will be appended to the ssh connection
all of the time. This is incorrect as when one would like to use
something like an ssh configuration file (-F) that sets the port to
something other than 22.
Part of this change requires that we check that, in get_config, the
value is not None before trying to cast it into an integer or float.
- Move all the supported YAML file extensions into a constant
- Use helper functions to avoid duplicate code for group/host vars
- Catch and disallow some confusing situations, such as the presence of
multiple group/host vars files for the same group/host, but with
different extensions. For example having both group_vars/all.yml and
group_vars/all.yaml.
- Catch and report file system permission issues, symlink errors,
unexpected file system objects
- Trivial performance improvement from making fewer stat system calls
- Restructuring that makes it easy for a following patch to support
directory recursion
Using ANSIBLE_ROLE_PATH environment variable or role_path in ansible.cfg
can configure paths where roles will be searched for
extra paths will only be used as a backup once regular locations are exhausted
If a user supplies a string in the config (rather than an int), the code
should fix that- or blow up immediately- rather than allowing that value to
work it's way down and break w/in the connection object; when that happens,
the actual error is opaque and requires pdb.set_trace() to run down.
This shouldn't generally be needed unless you're working in an environment
that uses rediculously long FQDNs; if the name is too long, you wind up
hitting unix domain socket filepath limits enforced by ssh.
Still needs:
* chunked file transfer/receive
* should probably move all send/recv operations to separate
functions to reduce code duplication
* initial connection setup over ssh? or do we handle that in runner?
-c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you
can turn off recording while leaving host key checking on, etc.
ansible.constants was calling expanduser (by way of shell_expand_path)
on the entire configured value for the library and *_plugins
configuration values, but these values have always been interpreted as
multiple directories separated by os.pathsep. Thus, if you supplied
multiple directories for one of these values, typically only the first
(at least on *nix) would have e.g. "~" expanded to HOME.
Now PluginLoader does expansion on each individual path in each of
these variables.
commit c36b66dc952dfff91043ecbca56cf3f1f8f00703
Merge: 240d7bf f4cf934
Author: Michael DeHaan <michael@ansibleworks.com>
Date: Tue Jun 18 13:04:51 2013 -0400
Merge branch 'unevaluated-vars' of git://github.com/lorin/ansible into lorin_undefined
Conflicts:
lib/ansible/runner/__init__.py
commit f4cf93436767f73b62a16067ab5e628830045896
Merge: 2531440 07a1365
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu Jun 6 11:07:41 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit 253144045cbafd7d72836f1017c62ac4ba623186
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu Jun 6 11:06:37 2013 -0400
Fail template from file on undefined vars
If config option is set, raise an exception if templating from a
file and a variable is undefined.
commit aecb71d8b75257f0f3e11a9b176fc3737aecef8d
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Wed Jun 5 17:12:12 2013 -0400
Add fail_on_undefined flag
Add a fail_on_undefined flag to the template and template_from_string methods.
If this flag is true, then re-raise the ninja2.excpetions.UndefinedError instead of
swallowing it.
commit cbb1808f0585f01536240aee05a1bfd06c4b4647
Merge: d4bbf49 41425fb
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Wed Jun 5 16:14:12 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit d4bbf492b0b63c789d66ab60d0ec634d100fca82
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Mon Jun 3 19:46:13 2013 -0400
template: Raise UndefinedError exception
In template_from_string, raise an undefined error if it occurs.
Have the caller catch it and throw an AnsibleUndefinedVariable
commit c94780280515f1f3756fdc429b2b1e87b365e9b7
Merge: 8d919d6 be33bcf
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Mon Jun 3 10:09:43 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit 8d919d6c97b28a42f47ca7248c542695baf6175f
Merge: 0f68ad8 b8630d2
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu May 30 16:27:48 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit 0f68ad8193ac17488e339a258f8c63fdae399c26
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu May 30 14:32:03 2013 -0400
Optionally fail task on undefined variables
This patch introduces a new configuration option called
error_on_undefined_vars, which defaults to false.
If this option is set to true, then a task which has unevaluated
variables in its arguments will fail instead of running. Output looks
like this:
TASK: [set rabbitmq password] *************************************************
fatal: [10.20.0.7] => Undefined variables: rabbitmq_user, rabbitmq_password
Use DEFAULT_EXECUTABLE when no executable is passed to
_low_level_command_exec
Works as a standard constant - can be overridden in all the normal ways
and defaults to /bin/sh
Motiviation is for a user that only has /bin/bash in /etc/sudoers
Jinja extensions adds features to the jinja2 templating engine. This
patch allows module loading for the templating engine vian an
ansible.cfg configuration key (jinja_extensions).
The default behaviour doesn't change (no module loading).
Requested modules can be added coma separated in ansible.cfg
Adds whitespace handling in jinja_extension config
Added whitespace handling in jinja_extension configuration directive, so
things stay safe if user adds spaces around comas in the directives
list.
Adds config example for jinja_extensions
Added config example with multiple extentions for jinja_extensions
Hash variables are currently overriden if they are redefined. This
doesn't let the user refine hash entries or overriding selected keys,
which can, for some, be a desirable feature.
This patch let the user force hash merging by setting the
hash_behaviour value to "merge" (without the quotes) in ansible.cfg
However, by default, ansible behaves like it always did and if any value
besides "merge" is used ("replace" is suggested in the example ansible.cfg
file), it will also behave as always.
Add constant DEFAULT_MODULE_LANG that defaults to C. Can be set via
environment variable ANSIBLE_MODULE_LANG or configuration variable
module_lang. Updated test-module to have same behavior.
Update constants.py so that one can specify environmental variable
ANSIBLE_SYSLOG_FACILITY or syslog_facility in ansible.cfg to define
the syslog facility to use. Alternatively, you can specify
ansible_syslog_facility in inventory. Runner now replaces
the syslog facility in the openlog() call with the default or
the injected variables ansible_syslog_facility.
This also updates hacking/test-module to behave similarly.
Test for when environment variable and configuration file
variable both set now tests that the environment variable takes
precedence
Removed logic that would never be triggered from
lib/ansible/constants.py
Ansible support configuration in:
```
~/.ansible.cfg
/etc/ansible/ansible.cfg
```
this patch add current user (usefull where user have some different projects) with the oreder:
```
./ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
```
Added an ANSIBLE_CONFIG variable to poteentially override
~/.ansible.cfg
Used os.path.expanduser against all paths that might be read in to allow
~ to be used in config files. I'd have preferred it if os.path.expanduser
took None as an argument but it doesn't.
If remote_port *is* set in the ansible config file, then it will be
interpreted as a string (at which point ssh.connect fails with an
obscure message). Most other numeric variables are handled by
the OptionsParser which takes a type variable when setting up the option -
but remote_port is not an option, so never cast to int.
It might be worth adding a type field to get_config that defaults to a string.
That could be e.g. file or int, which then casts it correctly.
to an additional pattern (a subset) specified on the command line. For instance, a playbook could be reusable
and target "webservers" and "dbservers", but you want to test only in the stage environment, or a few boxes at a time.
commit e00368e7c65c65bed11fcaaf83fe8b093dbf492e
Merge: 2ea7110 c039aa0
Author: Michael DeHaan <michael.dehaan@gmail.com>
Date: Thu May 10 01:43:10 2012 -0400
Merge branch 'devel' of https://github.com/weaselkeeper/ansible into weaselkeeper-devel
commit c039aa091582cd31e206692df6f4f148394b41d6
Author: Jim Richardson <weaselkeeper@gmail.com>
Date: Fri May 11 17:55:13 2012 -0700
cleanup and simplification of ANSIBLE_REMOTE_TMP feature
commit d87f15b796b799c375808edc7cc0932d7809d325
Merge: 5917aba 4c2fd25
Author: Jim Richardson <weaselkeeper@gmail.com>
Date: Fri May 11 17:30:16 2012 -0700
Merge branch 'devel' of github.com:weaselkeeper/ansible into devel
commit 5917aba761af2e4163772d2d74e7efc0d169273a
Author: Jim Richardson <jrichardson@classmates.com>
Date: Wed May 9 11:25:45 2012 -0700
ANSIBLE_REMOTE_TMP environment variable sets where ansible will stuf tmp files on remote host. Default is /var/tmp for root, and $HOME/.ansible/tmp for non-root
commit 4c2fd2577769a6392187585828168bcb4a1476da
Author: Jim Richardson <jrichardson@classmates.com>
Date: Wed May 9 11:25:45 2012 -0700
ANSIBLE_REMOTE_TMP environment variable sets where ansible will stuf tmp files on remote host. Default is /var/tmp for root, and $HOME/.ansible/tmp for non-root
* Pattern in API now has a default
* Fixed bug in template module operation detected from running playbook (tests for that pending)
* Workaround for multiprocessing lib being harmlessly squeaky (feeder thread got sentinel)