mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
3d2caf3933
* passwordstore: Add configurable locking

Passwordstore cannot be accessed safely in parallel, which causes
various issues:

- When accessing the same path, multiple different secrets are
  returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
  dialogs will be spawned by gpg-agent sequentially, having to enter
  the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
  is not reliable, causing plays to fail (this can be fixed by adding
  `auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).

These problems have been described in various GitHub issues in the past,
e.g., ansible/ansible#23816 and ansible/ansible#27277.

This cannot be worked around in playbooks by users in a non-error-prone
way.

It is addressed by adding new configuration options:

- lock:
  - readwrite: Lock all operations
  - write: Only lock write operations (default)
  - none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
  (defaults to 15m)

These options can also be set in ansible.cfg, e.g.:

    [passwordstore_lookup]
    lock=readwrite
    locktimeout=30s

Also, add a note about modifying gpg-agent.conf.

* Tidy up locking config

There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.

* Change timeout description wording to the suggested value.

* Rearrange plugin setup, apply PR feedback

(cherry picked from commit
.keep
4.5.0.yml
3703-force-install-homebrew-cask.yml
3907-pacman-speedup.yml
3916-fix-vdo-options-type.yml
4029-proxmox-refactor.yml
4061-fix-mail-recipient-encoding.yml
4086-rework_of_gitlab_proyect_variable_over_gitlab_group_variable.yml
4105-opentelemetry_plugin-enrich_jira_hetzner_jenkins_services.yaml
4106-proxmox-efidisk0-support.yaml
4136-gitlab_runner-make-project-owned-mutually-exclusive.yml
4150-gitlab-project-variable-absent-fix.yml
4151-dconf-catch-psutil-nosuchprocess.yaml
4154-ini_file_changed.yml
4168-add-keycloak-url-timeout.yml
4179-linode-inventory-cache.yaml
4183-fix-yum_versionlock.yaml
4191-proxmox-add-win11.yml
4192-improve-passwordstore-consistency.yml
4194-configurable-passwordstore-locking.yml
4206-imc-rest-module.yaml
4219-passwordstore-locale-fix.yml
4232-text-converter-import.yml