`force` option is not unique for non-activationkey registrations and it should
be parsed separately; it is possible to register host with activation key and
force such process.
* redhat_subscription: enforce the need for org_id when AK is used
also update the documentation to reflect that
Fixes: #20542
* redhat_subscription: check for existence of subscription-manager
* Reenable yum install root tests
No need for sos to test installroot. Something with less deps works
just as well.
* Fix yum installroot.
Fix module import to use fail_json when the modules aren't installed.
Remove wildcard imports
* Lsat task is supposed to remove sos so make that happen
This PR improves the documentation so that it is clear that this module does
not clean the repository metadata cache on removal, and add an example
notification handler to the removal example as an extra reminder.
This fixes#19730
* Add --installroot to YUM and DNF modules, issue #11310
This continues ansible-modules-core#1558, and
ansible-modules-core#1669
Allow specifying installroot for the yum and dnf modules
to install and remove packages in a location other than /.
* Remove empty aliases
* Simpler installroot set default logic
This commit also adds the module to DEFAULT_SQUASH_ACTIONS which is
possible with this change.
The module still calls the pkg_* tools once per name internally, so the only
difference is less invocations of the module itself when using with_items.
Previously, packages were installed one at a time in a loop. This caused
a couple of problems.
First, it was a performance issue - pacman would have to perform all of
its checks once per package. This is unnecessarily costly, especially
when you're trying to install several related packages at the same time.
Second, if a package you're trying to install depends on a virtual
package that is provided by several different packages (such as the
"libgl" package on Arch) and you aren't also installing something that
provides that virtual package at the same time, pacman will produce an
interactive prompt to allow the user to select a relevant package. This
is obviously incompatible with how ansible operates. Yes, this problem
could be avoided by installing packages in a different order, but the
order of installation shouldn't matter, and there may be situations
where it is not possible to control the order of installation.
With this refactoring, all of the above problems are avoided. The code
will now work out all of the packages that need to be installed from any
configured repositories and any packages that need to be installed from
local files, and then install all the repository packages in one go and
then all of the local file packages in one go.
It's possible to compress packages using several different compression
methods, or not compressed at all. Previously, the pacman module only
supported files compressed using xz. This update ensures that all
compression types currently supported by pacman are supported by the
ansible pacman module.
The list of supported compression methods at the time of writing can be
found here:
https://git.archlinux.org/pacman.git/tree/scripts/makepkg.sh.in#n747
* added alpha version of the 'sorcery' module
* fully conforming YAML
* use bundled check for executables
* - codex_list(): use commands instead of checksums to get sorcery version and verify codex equality - renamed: - manage_depends() -> match_depends() - tocast -> cast_queue, todispel -> dispel_queue, needs_recast -> depends_ok - SORCERY_LOG -> SORCERY_LOG_DIR, SORCERY_STATE -> SORCERY_STATE_DIR - removed: - SORCERY_VERSION_FILE - CODEX - added commentary to match_depends() and manage_spells() - fixed bug about dropped dependency line for previously existed dependency - fixed bug about not fixing depends for the 'latest' state - simplified several code constructions
* cleaned up some docs
* do not use separate message for Codex update, rely on the 'changed' status instead
* use built-in list conversion (_check_type_list()) for spells
* corrected spell name extraction from list in match_depends()
* avoid non-matching dependencies line duplication in depends file
* added more complex playbook example
* tiny stylistic fix for docs
* replaced ternary construction with a regular statement
* replaced yet another ternary construction with a regular statement
* enable Python 2.4 compatibility by splitting try-finally block
* enable Python 2.4 compatibility by replacing 'with' statement with try-except+try-finally blocks
* unify spells' assign
* replaced one regex with startswith()
* go Ansible 2.1
* added dummy RETURN template
* go Ansible 2.2
* better clarify permissions' requirements
* - updated copyright years - fixed rebuild command bug - re-used run_command_environ_update dict for env var management
* handle Python 3.5
* Revert "handle Python 3.5"
This reverts commit 33a5a0eb64c1193318298e111f063cdd5f93b73a.
* handle Python 3.5 (2nd try)
* go Ansible 2.3
* clarity++
Allow installation of PPA repositories on non-Ubuntu Debian derived
distribution targets (e.g. neon, Mint, Debian itself) by removing the
specific check for UbuntuDistribution before allowing PPA: format
sources. This fixes the addition of PPA repositories under KDE neon (as
the codenames match the base Ubuntu distribution).
To make the functionality also useful under Mint and Debian which have
different codenames to their Ubuntu upstream / downstream releases, add
a 'codename' option to override the default used in the PPA source
entry.
* Add 'on the remote server' to `file` parameter description
* Add example showing how to use the `file` parameter, with specific
language about the file's location being on the 'remote server'
* apt: If the cache object fails to lost due to a corrupt file, try to update the cache until it is fixed.
* Append -q to the update parameters
* Remove unused variable
* Use a string that doesn't rely on internationalization
* Use py24 exception style
* Use get_exception
Fixes#2951
builddep only requires a source package to be in the repos but our code
was checking for a binary package before running buiddep. Reversing the
order makes it work correctly.
Fixes#4519
* Only change to short IDs for delete
If the user specifies long IDs, use them for all commands except for
deleting a key. Need to use short IDs there because of an upstream
apt_key bug. Fixed in apt_key 1.10 (fix is present in Ubuntu 16.04 but
not Ubuntu 14.0 or some Debians).
Fixes#5237
* Check that apt-key really erased the key
When erasing a key, apt-key does not understand how to process subkeys.
This update explicitly checks that the key_id is no longer present and
throws an error if it is. It also hints at subkeys being a possible
problem in the error message and the documentation.
Fixes#5119
* Fix apt_key check mode with long ids
apt-key can be given a key id longer than 16 chars to more accurately
define what key to download. However, we can use a maximum of 16
chars to verify whether a key is installed or not. So we need to use
different lengths for the id depending on what we're doing with it.
Fixes#2622
Also:
* Some style cleanups
* Use get_bin_path to find the path to apt-key and then use that when
invoking apt-key
* Return a nice user error message if the key was not found on the
keyserver
* Make file and keyring parameters type='path' so envars and tilde are
expanded
The implementation is fairly simple, we force the rc= parameter to not be zero so that the check in _executor/task_result.py_ correctly determines that it failed. Without this change Ansible would report the task to be ok (despite failed=True and msg=Some_error_message) although Ansible stops and the summary output reports a failed task.
This fixes#4214, #4384 and also relates to ansible/ansible#12070, ansible/ansible#16006, ansible/ansible##16597, ansible/ansible#17208 and ansible/ansible#17252
This change is in response to issue #1497 where the apt module would not properly updating the apt cache in some situations and never returned a state change on cache update when the module was used without or without an item to be installed or upgraded.
The change simply allows the apt module to update the cache when update_cache option is used without or without a set cache_valid_time.
If cache_valid_time is set and the on disk mtime for apt cache is ">" the provided amount of seconds, which now has a default of 0, the apt cache will be updated. Additionally if no upgrade, package, or deb is installed or changed but the apt cache is updated the module will return a changed state which will help users to know that the state of the environment has changed due to a task operation, even if it was only an apt cache update.
fixes#1497
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
* Pip: handle parsing different pip commands
* Pip: use 'pip list' when available
* Pip: explicitly check which command is used
* Pip: add error checking when fetching packages
Rather than just checking whether a package with the right
name is installed, use `local_nvra` to check whether the
version/release/arch differs too.
Remove `local_name` as it is a shortcut too far.
Fixes#3807Fixes#4529
- Use range instead of xrange.
- Use python3-apt package for python 3.
- Eliminate unsupported for/else/raise usage.
- Use list on dict.items when modifying dict.
- Update requirements documentation.
Also made non-intrustive style fixes (adding blank lines).
Importing a (sign only) subkey with apt_key module always fails,
however the actual keyring gets created and contains the correct keys.
Apparently the all_keys function skips the subkeys, hence the problem.
Fixes#4365
During check_mode (`--check`), the variable change could be
used uninitialized, yielding this error:
`UnboundLocalError: local variable 'changed' referenced before assignment`
This changeset simply initializes it to False.
Change the file mode arg to 'raw' ala file args
Following the file_common_args model, change the
type of the 'mode' arg here to type='raw' with no
default arg value.
The default mode for file creation is the module
constant DEFAULT_SOURCES_PER, and is used if no
mode os specified.
A default mode of 0644 (and not specified as int or str)
would get converted to an octal 420, resulting in the
sources file being created with mode '0420' instead of '0644'
Fixes#16370
Fix KeyError: 'prepared' while installing dependencies using deb=<file>.deb
This error shows up when --diff was not passed by and the deb files has dependencies not yet installed.
Closes#3752.
packaging/language/pip.py:
virtualenv option:
Mention that virtualenv is created if it does not exist.
(Explicit is better than implicit.)
Mention other relevant options.
notes:
initialized -> created
Wrap long lines.
Since fetch_url already take care of the exception, the try/except
clause is no longer working, so replace it with proper status
checking, thus permitting to remove urlib2 from the import list.
for install, remove, deb_install, and upgrade.
Since apt has very commonly familiar output, just use the normal output
from apt-get or aptitude -- trimmed to the interesting parts -- to show
to the user if she specified --diff on the CLI.
Uses the recent support for the `diff['prepared]` key.
Fixesansible/ansible#10239
'server_insecure' maps to the subscription-manager config
(/etc/rhsm/rhsm.conf) value for 'insecure' key in the
'server' stanza. The 'insecure' configures if the https connection
to 'server_hostname' is verified as having been issued by
a CA in 'ca_cert_dir' trust store.
Previous documentation indicating it disables https and
enables http was inaccurate. Connection to server_hostname
always uses https.
This is useful for packages that bootstrap their own apt-key setup - only
the initial installation will require overriding. Notable examples are the
Dropbox and Google Chrome packages.
(Setting force=yes is far too strong: I only want to bypass
authentication!)
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
The returned list of diffs aims to simulate how a file system diff would
look before and after writing the sources list files.
n.b. Ternary conditional is due to failing integration test for
python 2.4
This mirrors a nearly identical change made to apt_repository.py.
Also removes the use of apt-get --force-yes as it can be dangerous
and should not be necessary (apt_repository.py does not use it).
Repeating the explanation from the apt_respository change below:
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to thoroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
The old method left settings in the environment. The new method takes
care of clearing them after use. In this module, the old method was
also setting the environment too late to affect all the command line
tools which lead to a bug.
Fixes https://github.com/ansible/ansible/issues/14264
On systems with restrictive umasks, the pip module won't allow you to
install pip packages that are usable by everyone on the system. This
commit adds a umask option to optionally override the umask on a
per-package basis.
Since there is no shell escape of the password parameter, a password with
a single quote (or even worst, a single quote and a pipe) could have
unattended consequences. Also, the less we use use_unsafe_shell=True, the
better.
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to toroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
Without this change, some trouble may occur when "deb" parameter
is used as env vars controlling dpkg are not set. For example,
installing a package that requires user input will never end since
DEBIAN_FRONTEND=noninteractive is not set.
So export env vars in APT_ENV_VARS before run dpkg, like in cases
using apt-get/aptitude.
* This keeps us from hitting bugs in repoquery/yum plugins in certain
instances (#2559).
* The previous is also a small performance boost
* Also in is_installed(), when using the yum API, return if we detect
a package name has been installed. We don't need to also check
virtual provides in that case. This is another small performance
boost.
* Sort the list of packages returned by the list parameter.
If the requirements contains a repos url it will always report 'Successfully
installed'; there is no difference in the output to tell apart if
anything new was pulled. Use freeze to detect if the environment changed
in any way.
Should fixansible/ansible#1705
The yum module allows the 'name' parameter to be given as 'pkg', in
a similar way to some of the other package managers. This change
documents this alias.
The module's 'state' parameter has two other aliases, in line with
the 'apt' action; the 'state' parameter can take 'installed' as an
alias for 'present', and 'removed' as an alias for 'absent'. These
aliases are documented.
Closes#1189.
This will cause the settings in Ansible to override the system settings.
That will have no effect except on systems that have an out-of-Ansible
configuration that disables automatic installation of recommended
packages. Previously, ansible would use the OS default whenever
install_recommends wasn't part of the playbook. This change will cause
the Ansible default configuration setting of installing recommended
packages to override the configuration files set on the OS for things
installed through ansible, even when there is no install_recommends
specified in the playbook. Because the OS default matches the Ansible
default, this shouldn't have wide impact.
This was originally required to allow other methods in SourcesList to
fail, but subsequent changes rendered that unnecessary, and it's just
a cleanup now, and avoids passing in module separately to save().
1. Don't test check_mode in both the caller and in the callee.
2. Don't test HAVE_PYTHON_APT inside an if that tests HAVE_PYTHON_APT
3. Don't be irritatingly vague about why the module fails ("You may be
seeing this because…").
Note that if «apt-get -y install python-apt» succeeds with rc==0, but
for some reason python_apt is not usable afterwards, this will break
because the imports in install_python_apt aren't wrapped inside a
try/except.
In other words, we assume that install_python_apt either succeeds or
fails with a traceback. This commit doesn't affect that behaviour.
The original problem is: apt_repository.py connect to launchpad on
every playbook run. In this patch apt_repository.py checks if required
repository already exists or not. If no - paa will be added, if yes -
just skip actions.
Fix#412. Check mode was always returning changed=True for pip
when the target was in a virtualenv. The code now uses the normal
tests for determining if change status.
* Only install yum-utils if needed (b/c we're going to use repoquery)
* Add a warning message explaining that why slower repoquery was used
rather than yum API.
The message there is that Yum API prints an error message if the
rhn-plugin is in use and no rhn-certificate is available. So instead of
using repoquery in preference always here we use repoquery in preference
if the rhn-plugin is enabled.
The ordering of disabling/enabling yum repositories matters, and
the yum module was mixing and matching the order. Specifically,
when yum-utils isn't installed, the codepath which uses the yum
python module was incorrectly ordering enabling and disabling.
The preferred order is to disable repositories and then enable them
to prevent clobbering. This was previously discussed in
ansible/ansible#5255 and incompletely addressed in 0cca4a3.
When subscribing a system with an activationkey, it seems (sometimes?)
required to pass the "--org <number>" parameter to subscription-manager.
Activation Keys can be created through the Red Hat Customer Portal, and
a subscription can be attached to those. This makes is easy to register
systems without passing username/passwords around.
The organisation ID can be retrieved by executing the following command
on a registered system (*not* the account number):
# subscription-manager identity
URL: https://access.redhat.com/management/activation_keys
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Ken Dreyer <kdreyer@redhat.com>
Prior to this commit, Ansible would pass '--activationkeys <value>' as a
literal string, which the remote server would interpret as a single
argument to subscription-manager.
This led to the following failure message when using an activation key:
subscription-manager: error: no such option: --activationkey "mykey"
Update the arguments so that the remote server will properly interpret
them as two separate values.
In cases when the python-apt package is not installed, ansible will
attempt to install it. After this attempt, it tries to import the
needed apt modules, but forgets to import the apt.debfile module.
The result is that playbooks that use the dpkg argument on a machine
that does not initially have the python-apt package available will
fail with the following error
AttributeError: 'module' object has no attribute 'debfile'
This patch adds the appropriate import to the apt module to ensure
that necessary libraries are available in cases when the dpkg argument
is being used on a system that does not initially have the python-apt
package installed
There is no call to yum_base using 'cachedir' argument, so
while it work fine from a cursory look, that's useless code,
and so should be removed to clarify the code.
Using the rpm module prevent a uneeded fork, and permit
to skip the signature checking which slow down a bit the
operation, and which would be done by yum on installation
anyway.
Yum does not always update to latest package version unless metadata cache has expired. By runing yum makecache, we ensure the metadata cache has been updated.
Signed-off-by: René Moser <mail@renemoser.net>
