mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
2416b81aa4
* passwordstore: Add configurable locking Passwordstore cannot be accessed safely in parallel, which causes various issues: - When accessing the same path, multiple different secrets are returned when the secret didn't exist (missing=create). - When accessing the same _or different_ paths, multiple pinentry dialogs will be spawned by gpg-agent sequentially, having to enter the password for the same gpg key multiple times in a row. - Due to issues in gpg dependencies, accessing gpg-agent in parallel is not reliable, causing plays to fail (this can be fixed by adding `auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though). These problems have been described in various github issues in the past, e.g., ansible/ansible#23816 and ansible/ansible#27277. This cannot be worked around in playbooks by users in a non-error-prone way. It is addressed by adding new configuration options: - lock: - readwrite: Lock all operations - write: Only lock write operations (default) - none: Disable locking - locktimeout: Time to wait for getting a lock (s/m/h suffix) (defaults to 15m) These options can also be set in ansible.cfg, e.g.: [passwordstore_lookup] lock=readwrite locktimeout=30s Also, add a note about modifying gpg-agent.conf. * Tidy up locking config There is no reason why lock configuration should be part of self.paramvals. Now locking and its configuration happen all in one place. * Change timeout description wording to the suggested value. * Rearrange plugin setup, apply PR feedback |
||
|---|---|---|
| .. | ||
| fragments | ||
| .gitignore | ||
| changelog.yaml | ||
| config.yaml | ||