cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

validate-modules: Fix all system modules (#52384)

Browse source 
This PR includes validate-modules fixes for all system modules.
Except a few that are deliberately implemented like this.
This commit is contained in:
Dag Wieers 2019-02-19 15:42:14 +01:00 committed by GitHub
parent c9eb186a94
commit 8c74df5e67
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 568 additions and 495 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/ansible/modules/system/aix_inittab.py
View file

@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
author:
- Joris Weijters (@molekuul)
@ -42,7 +42,7 @@ options:
- bootwait
- hold
- initdefault
- off
- 'off'
- once
- ondemand
- powerfail
@ -174,7 +174,7 @@ def main():
]),
command=dict(type='str', required=True),
insertafter=dict(type='str'),
state=dict(type='str', required=True, choices=['absent', 'present']),
state=dict(type='str', default='present', choices=['absent', 'present']),
),
supports_check_mode=True,
)

1
lib/ansible/modules/system/capabilities.py
View file

@ -24,6 +24,7 @@ options:
- Specifies the path to the file to be managed.
type: str
required: yes
aliases: [ key ]
capability:
description:
- Desired capability to set (with operator and flags, if state is C(present)) or remove (if state is C(absent))

65
lib/ansible/modules/system/cron.py
View file

@ -15,7 +15,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
DOCUMENTATION = r'''
---
module: cron
short_description: Manage cron.d and crontab entries
@ -27,67 +27,78 @@ description:
which is used by future ansible/module calls to find/check the state. The "name"
parameter should be unique, and changing the "name" value will result in a new cron
task being created (or a different one being removed).'
- 'When environment variables are managed: no comment line is added, but, when the module
- When environment variables are managed, no comment line is added, but, when the module
needs to find/check the state, it uses the "name" parameter to find the environment
variable definition line.'
- 'When using symbols such as %, they must be properly escaped.'
variable definition line.
- When using symbols such as %, they must be properly escaped.
version_added: "0.9"
options:
name:
description:
- Description of a crontab entry or, if env is set, the name of environment variable.
Required if state=absent. Note that if name is not set and state=present, then a
- Required if C(state=absent).
- Note that if name is not set and C(state=present), then a
new crontab entry will always be created, regardless of existing ones.
This parameter will always be required in future releases.
- This parameter will always be required in future releases.
type: str
user:
description:
- The specific user whose crontab should be modified.
default: root
- When unset, this parameter defaults to using C(root).
type: str
job:
description:
- The command to execute or, if env is set, the value of environment variable.
The command should not contain line breaks.
Required if state=present.
- The command should not contain line breaks.
- Required if C(state=present).
type: str
aliases: [ value ]
state:
description:
- Whether to ensure the job or environment variable is present or absent.
type: str
choices: [ absent, present ]
default: present
cron_file:
description:
- If specified, uses this file instead of an individual user's crontab.
If this is a relative path, it is interpreted with respect to
/etc/cron.d. (If it is absolute, it will typically be /etc/crontab).
Many linux distros expect (and some require) the filename portion to consist solely
- If this is a relative path, it is interpreted with respect to I(/etc/cron.d).
- If it is absolute, it will typically be I(/etc/crontab).
- Many linux distros expect (and some require) the filename portion to consist solely
of upper- and lower-case letters, digits, underscores, and hyphens.
To use the C(cron_file) parameter you must specify the C(user) as well.
- To use the C(cron_file) parameter you must specify the C(user) as well.
type: str
backup:
description:
- If set, create a backup of the crontab before it is modified.
The location of the backup is returned in the C(backup_file) variable by this module.
type: bool
default: 'no'
default: no
minute:
description:
- Minute when the job should run ( 0-59, *, */2, etc )
type: str
default: "*"
hour:
description:
- Hour when the job should run ( 0-23, *, */2, etc )
type: str
default: "*"
day:
description:
- Day of the month the job should run ( 1-31, *, */2, etc )
type: str
default: "*"
aliases: [ dom ]
month:
description:
- Month of the year the job should run ( 1-12, *, */2, etc )
type: str
default: "*"
weekday:
description:
- Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
type: str
default: "*"
aliases: [ dow ]
reboot:
@ -95,10 +106,11 @@ options:
- If the job should be run at reboot. This option is deprecated. Users should use special_time.
version_added: "1.0"
type: bool
default: "no"
default: no
special_time:
description:
- Special time specification nickname.
type: str
choices: [ annually, daily, hourly, monthly, reboot, weekly, yearly ]
version_added: "1.3"
disabled:
@ -106,24 +118,27 @@ options:
- If the job should be disabled (commented out) in the crontab.
- Only has effect if C(state=present).
type: bool
default: 'no'
default: no
version_added: "2.0"
env:
description:
- If set, manages a crontab's environment variable. New variables are added on top of crontab.
"name" and "value" parameters are the name and the value of environment variable.
- If set, manages a crontab's environment variable.
- New variables are added on top of crontab.
- C(name) and C(value) parameters are the name and the value of environment variable.
type: bool
default: "no"
default: no
version_added: "2.1"
insertafter:
description:
- Used with C(state=present) and C(env). If specified, the environment variable will be
inserted after the declaration of specified environment variable.
- Used with C(state=present) and C(env).
- If specified, the environment variable will be inserted after the declaration of specified environment variable.
type: str
version_added: "2.1"
insertbefore:
description:
- Used with C(state=present) and C(env). If specified, the environment variable will be
inserted before the declaration of specified environment variable.
- Used with C(state=present) and C(env).
- If specified, the environment variable will be inserted before the declaration of specified environment variable.
type: str
version_added: "2.1"
requirements:
- cron
@ -133,9 +148,9 @@ author:
- Patrick Callahan (@dirtyharrycallahan)
- Evan Kaufman (@EvanK)
- Luca Berruti (@lberruti)
"""
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null"
cron:
name: "check dirs"

25
lib/ansible/modules/system/cronvar.py
View file

@ -20,58 +20,65 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = """
DOCUMENTATION = r'''
---
module: cronvar
short_description: Manage variables in crontabs
description:
- Use this module to manage crontab variables. This module allows
you to create, update, or delete cron variable definitions.
- Use this module to manage crontab variables.
- This module allows you to create, update, or delete cron variable definitions.
version_added: "2.0"
options:
name:
description:
- Name of the crontab variable.
type: str
required: yes
value:
description:
- The value to set this variable to.
- Required if C(state=present).
type: str
insertafter:
description:
- If specified, the variable will be inserted after the variable specified.
- Used with C(state=present).
type: str
insertbefore:
description:
- Used with C(state=present). If specified, the variable will be inserted
just before the variable specified.
type: str
state:
description:
- Whether to ensure that the variable is present or absent.
type: str
choices: [ absent, present ]
default: present
user:
description:
- The specific user whose crontab should be modified.
default: root
- This parameter defaults to C(root) when unset.
type: str
cron_file:
description:
- If specified, uses this file instead of an individual user's crontab.
Without a leading /, this is assumed to be in /etc/cron.d. With a leading
/, this is taken as absolute.
- Without a leading C(/), this is assumed to be in I(/etc/cron.d).
- With a leading C(/), this is taken as absolute.
type: str
backup:
description:
- If set, create a backup of the crontab before it is modified.
The location of the backup is returned in the C(backup) variable by this module.
type: bool
default: 'no'
default: no
requirements:
- cron
author:
- Doug Luce (@dougluce)
"""
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists
cronvar:
name: EMAIL

28
lib/ansible/modules/system/crypttab.py
View file

@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: crypttab
short_description: Encrypted Linux block devices
@ -24,38 +24,44 @@ options:
- Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or
optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/)
will be stripped from I(name).
type: str
required: yes
state:
description:
- Use I(present) to add a line to C(/etc/crypttab) or update it's definition
if already present. Use I(absent) to remove a line with matching I(name).
Use I(opts_present) to add options to those already present; options with
different values will be updated. Use I(opts_absent) to remove options from
the existing set.
- Use I(present) to add a line to C(/etc/crypttab) or update its definition
if already present.
- Use I(absent) to remove a line with matching I(name).
- Use I(opts_present) to add options to those already present; options with
different values will be updated.
- Use I(opts_absent) to remove options from the existing set.
type: str
required: yes
choices: [ absent, opts_absent, opts_present, present ]
backing_device:
description:
- Path to the underlying block device or file, or the UUID of a block-device
prefixed with I(UUID=).
type: str
password:
description:
- Encryption password, the path to a file containing the password, or
C(none) or C(-) if the password should be entered at boot.
default: 'none'
C(-) or unset if the password should be entered at boot.
type: path
opts:
description:
- A comma-delimited list of options. See C(crypttab(5) ) for details.
type: str
path:
description:
- Path to file to use instead of C(/etc/crypttab). This might be useful
in a chroot environment.
- Path to file to use instead of C(/etc/crypttab).
- This might be useful in a chroot environment.
type: path
default: /etc/crypttab
author:
- Steve (@groks)
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Set the options explicitly a device which must already exist
crypttab:
name: luks-home

22
lib/ansible/modules/system/debconf.py
View file

@ -11,12 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'],
'supported_by': 'core'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: debconf
short_description: Configure a .deb package
description:
- Configure a .deb package using debconf-set-selections. Or just query existing selections.
- Configure a .deb package using debconf-set-selections.
- Or just query existing selections.
version_added: "1.6"
notes:
- This module requires the command line debconf tools.
@ -24,37 +25,42 @@ notes:
Use 'debconf-show <package>' on any Debian or derivative with the package
installed to see questions/settings available.
- Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords.
requirements: [ debconf, debconf-utils ]
requirements:
- debconf
- debconf-utils
options:
name:
description:
- Name of package to configure.
type: str
required: true
aliases: [ pkg ]
question:
description:
- A debconf configuration setting.
type: str
aliases: [ selection, setting ]
vtype:
description:
- The type of the value supplied.
- C(seen) was added in 2.2.
choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title, text ]
- C(seen) was added in Ansible 2.2.
type: str
choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title ]
value:
description:
- Value to set the configuration to.
type: str
aliases: [ answer ]
unseen:
description:
- Do not set 'seen' flag when pre-seeding.
type: bool
default: False
default: no
author:
- Brian Coca (@bcoca)
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Set default locale to fr_FR.UTF-8
debconf:
name: locales

13
lib/ansible/modules/system/firewalld.py
View file

@ -7,12 +7,10 @@
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
module: firewalld
@ -57,12 +55,11 @@ options:
version_added: "2.8"
zone:
description:
- >
The firewalld zone to add/remove to/from (NOTE: default zone can be configured per system but "public" is default from upstream.
- The firewalld zone to add/remove to/from.
- Note that the default zone can be configured per system but C(public) is default from upstream.
- Available choices can be extended based on per-system configs, listed here are "out of the box" defaults).
- Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work) ]
type: str
default: system-default(public)
permanent:
description:
- Should this configuration be in the running firewalld configuration or persist across reboots.
@ -109,8 +106,10 @@ notes:
The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not
permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone
creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
requirements: [ 'firewalld >= 0.2.11' ]
author: "Adam Miller (@maxamillion)"
requirements:
- firewalld >= 0.2.11
author:
- Adam Miller (@maxamillion)
'''
EXAMPLES = r'''

219
lib/ansible/modules/system/iptables.py
View file

@ -1,6 +1,6 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
# Copyright: (c) 2017, Sébastien DA ROCHA <sebastien@da-rocha.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -12,7 +12,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'core'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: iptables
short_description: Modify iptables rules
@ -28,60 +28,61 @@ description:
same as the behaviour of the C(iptables) and C(ip6tables) command which
this module uses internally.
notes:
- This module just deals with individual rules. If you need advanced
- This module just deals with individual rules.If you need advanced
chaining of rules the recommended way is to template the iptables restore
file.
options:
table:
description:
- This option specifies the packet matching table which the command
should operate on. If the kernel is configured with automatic module
loading, an attempt will be made to load the appropriate module for
that table if it is not already there.
- This option specifies the packet matching table which the command should operate on.
- If the kernel is configured with automatic module loading, an attempt will be made
to load the appropriate module for that table if it is not already there.
type: str
choices: [ filter, nat, mangle, raw, security ]
default: filter
state:
description:
- Whether the rule should be absent or present.
type: str
choices: [ absent, present ]
default: present
action:
description:
- Whether the rule should be appended at the bottom or inserted at the top.
- If the rule already exists the chain won't be modified.
- If the rule already exists the chain will not be modified.
type: str
choices: [ append, insert ]
default: append
version_added: "2.2"
rule_num:
description:
- Insert the rule as the given rule number. This works only with
action = 'insert'.
- Insert the rule as the given rule number.
- This works only with C(action=insert).
type: str
version_added: "2.5"
ip_version:
description:
- Which version of the IP protocol this rule should apply to.
type: str
choices: [ ipv4, ipv6 ]
default: ipv4
chain:
description:
- "Specify the iptables chain to modify. This could be a user-defined chain or one of the standard iptables chains:"
- C(INPUT)
- C(FORWARD)
- C(OUTPUT)
- C(PREROUTING)
- C(POSTROUTING)
- C(SECMARK)
- C(CONNSECMARK)
- Specify the iptables chain to modify.
- This could be a user-defined chain or one of the standard iptables chains, like
C(INPUT), C(FORWARD), C(OUTPUT), C(PREROUTING), C(POSTROUTING), C(SECMARK) or C(CONNSECMARK).
type: str
protocol:
description:
- The protocol of the rule or of the packet to check.
- The specified protocol can be one of tcp, udp, udplite, icmp, esp,
ah, sctp or the special keyword "all", or it can be a numeric value,
representing one of these protocols or a different one. A protocol
name from /etc/protocols is also allowed. A "!" argument before the
protocol inverts the test. The number zero is equivalent to all.
"all" will match with all protocols and is taken as default when this
option is omitted.
- The specified protocol can be one of C(tcp), C(udp), C(udplite), C(icmp), C(esp),
C(ah), C(sctp) or the special keyword C(all), or it can be a numeric value,
representing one of these protocols or a different one.
- A protocol name from I(/etc/protocols) is also allowed.
- A C(!) argument before the protocol inverts the test.
- The number zero is equivalent to all.
- C(all) will match with all protocols and is taken as default when this option is omitted.
type: str
source:
description:
- Source specification.
@ -92,8 +93,9 @@ options:
a remote query such as DNS is a really bad idea.
- The mask can be either a network mask or a plain number, specifying
the number of 1's at the left side of the network mask. Thus, a mask
of 24 is equivalent to 255.255.255.0. A "!" argument before the
of 24 is equivalent to 255.255.255.0. A C(!) argument before the
address specification inverts the sense of the address.
type: str
destination:
description:
- Destination specification.
@ -104,82 +106,96 @@ options:
a remote query such as DNS is a really bad idea.
- The mask can be either a network mask or a plain number, specifying
the number of 1's at the left side of the network mask. Thus, a mask
of 24 is equivalent to 255.255.255.0. A "!" argument before the
of 24 is equivalent to 255.255.255.0. A C(!) argument before the
address specification inverts the sense of the address.
type: str
tcp_flags:
description:
- TCP flags specification.
- C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set).
type: dict
default: {}
version_added: "2.4"
suboptions:
flags:
description:
- List of flags you want to examine.
type: list
flags_set:
description:
- Flags to be set.
type: list
match:
description:
- Specifies a match to use, that is, an extension module that tests for
a specific property. The set of matches make up the condition under
which a target is invoked. Matches are evaluated first to last if
specified as an array and work in short-circuit fashion, i.e. if one
extension yields false, evaluation will stop.
a specific property.
- The set of matches make up the condition under which a target is invoked.
- Matches are evaluated first to last if specified as an array and work in short-circuit
fashion, i.e. if one extension yields false, evaluation will stop.
type: list
default: []
jump:
description:
- This specifies the target of the rule; i.e., what to do if the packet
matches it. The target can be a user-defined chain (other than the one
- This specifies the target of the rule; i.e., what to do if the packet matches it.
- The target can be a user-defined chain (other than the one
this rule is in), one of the special builtin targets which decide the
fate of the packet immediately, or an extension (see EXTENSIONS
below). If this option is omitted in a rule (and the goto parameter
below).
- If this option is omitted in a rule (and the goto parameter
is not used), then matching the rule will have no effect on the
packet's fate, but the counters on the rule will be incremented.
type: str
log_prefix:
description:
- Specifies a log text for the rule. Only make sense with a LOG jump.
type: str
version_added: "2.5"
goto:
description:
- This specifies that the processing should continue in a user specified
chain. Unlike the jump argument return will not continue processing in
- This specifies that the processing should continue in a user specified chain.
- Unlike the jump argument return will not continue processing in
this chain but instead in the chain that called us via jump.
type: str
in_interface:
description:
- Name of an interface via which a packet was received (only for packets
entering the INPUT, FORWARD and PREROUTING chains). When the "!"
argument is used before the interface name, the sense is inverted. If
the interface name ends in a "+", then any interface which begins with
this name will match. If this option is omitted, any interface name
will match.
entering the C(INPUT), C(FORWARD) and C(PREROUTING) chains).
- When the C(!) argument is used before the interface name, the sense is inverted.
- If the interface name ends in a C(+), then any interface which begins with
this name will match.
- If this option is omitted, any interface name will match.
type: str
out_interface:
description:
- Name of an interface via which a packet is going to be sent (for
packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the
"!" argument is used before the interface name, the sense is inverted.
If the interface name ends in a "+", then any interface which begins
with this name will match. If this option is omitted, any interface
name will match.
packets entering the C(FORWARD), C(OUTPUT) and C(POSTROUTING) chains).
- When the C(!) argument is used before the interface name, the sense is inverted.
- If the interface name ends in a C(+), then any interface which begins
with this name will match.
- If this option is omitted, any interface name will match.
type: str
fragment:
description:
- This means that the rule only refers to second and further fragments
of fragmented packets. Since there is no way to tell the source or
destination ports of such a packet (or ICMP type), such a packet will
not match any rules which specify them. When the "!" argument precedes
fragment argument, the rule will only match head fragments, or
unfragmented packets.
of fragmented packets.
- Since there is no way to tell the source or destination ports of such
a packet (or ICMP type), such a packet will not match any rules which specify them.
- When the "!" argument precedes fragment argument, the rule will only match head fragments,
or unfragmented packets.
type: str
set_counters:
description:
- This enables the administrator to initialize the packet and byte
counters of a rule (during INSERT, APPEND, REPLACE operations).
counters of a rule (during C(INSERT), C(APPEND), C(REPLACE) operations).
type: str
source_port:
description:
- Source port or port range specification. This can either be a service
name or a port number. An inclusive range can also be specified, using
the format first:last. If the first port is omitted, '0' is assumed;
if the last is omitted, '65535' is assumed. If the first port is
greater than the second one they will be swapped.
- Source port or port range specification.
- This can either be a service name or a port number.
- An inclusive range can also be specified, using the format C(first:last).
- If the first port is omitted, C(0) is assumed; if the last is omitted, C(65535) is assumed.
- If the first port is greater than the second one they will be swapped.
type: str
destination_port:
description:
- "Destination port or port range specification. This can either be
@ -189,27 +205,32 @@ options:
first port is greater than the second one they will be swapped.
This is only valid if the rule also specifies one of the following
protocols: tcp, udp, dccp or sctp."
type: str
to_ports:
description:
- "This specifies a destination port or range of ports to use: without
this, the destination port is never altered. This is only valid if the
rule also specifies one of the following protocols: tcp, udp, dccp or
sctp."
- This specifies a destination port or range of ports to use, without
this, the destination port is never altered.
- This is only valid if the rule also specifies one of the protocol
C(tcp), C(udp), C(dccp) or C(sctp).
type: str
to_destination:
description:
- This specifies a destination address to use with DNAT.
- This specifies a destination address to use with C(DNAT).
- Without this, the destination address is never altered.
type: str
version_added: "2.1"
to_source:
description:
- This specifies a source address to use with SNAT.
- This specifies a source address to use with C(SNAT).
- Without this, the source address is never altered.
type: str
version_added: "2.2"
syn:
description:
- This allows matching packets that have the SYN bit set and the ACK
and RST bits unset.
- When negated, this matches all packets with the RST or the ACK bits set.
type: str
choices: [ ignore, match, negate ]
default: ignore
version_added: "2.5"
@ -218,28 +239,24 @@ options:
- This allows specifying a DSCP mark to be added to packets.
It takes either an integer or hex value.
- Mutually exclusive with C(set_dscp_mark_class).
type: str
version_added: "2.1"
set_dscp_mark_class:
description:
- This allows specifying a predefined DiffServ class which will be
translated to the corresponding DSCP mark.
- Mutually exclusive with C(set_dscp_mark).
type: str
version_added: "2.1"
comment:
description:
- This specifies a comment that will be added to the rule.
type: str
ctstate:
description:
- "C(ctstate) is a list of the connection states to match in the conntrack
module. Possible states are:"
- C(INVALID)
- C(NEW)
- C(ESTABLISHED)
- C(RELATED)
- C(UNTRACKED)
- C(SNAT)
- C(DNAT)
choices: [ DNAT, ESTABLISHED, INVALID, NEW, RELATED, SNAT, UNTRACKED ]
- C(ctstate) is a list of the connection states to match in the conntrack module.
- Possible states are C(INVALID), C(NEW), C(ESTABLISHED), C(RELATED), C(UNTRACKED), C(SNAT), C(DNAT)
type: list
default: []
limit:
description:
@ -247,54 +264,60 @@ options:
- The number can specify units explicitly, using `/second', `/minute',
`/hour' or `/day', or parts of them (so `5/second' is the same as
`5/s').
type: str
limit_burst:
description:
- Specifies the maximum burst before the above limit kicks in.
type: str
version_added: "2.1"
uid_owner:
description:
- Specifies the UID or username to use in match by owner rule. From
Ansible 2.6 when the C(!) argument is prepended then the it inverts
- Specifies the UID or username to use in match by owner rule.
- From Ansible 2.6 when the C(!) argument is prepended then the it inverts
the rule to apply instead to all users except that one specified.
type: str
version_added: "2.1"
reject_with:
description:
- 'Specifies the error packet type to return while rejecting. It implies
"jump: REJECT"'
type: str
version_added: "2.1"
icmp_type:
description:
- This allows specification of the ICMP type, which can be a numeric
ICMP type, type/code pair, or one of the ICMP type names shown by the
command 'iptables -p icmp -h'
type: str
version_added: "2.2"
flush:
description:
- Flushes the specified table and chain of all rules.
- If no chain is specified then the entire table is purged.
- Ignores all other parameters.
version_added: "2.2"
type: bool
version_added: "2.2"
policy:
description:
- Set the policy for the chain to the given target.
- Only built-in chains can have policies.
- This parameter requires the C(chain) parameter.
- Ignores all other parameters.
type: str
choices: [ ACCEPT, DROP, QUEUE, RETURN ]
version_added: "2.2"
'''
EXAMPLES = '''
# Block specific IP
- iptables:
EXAMPLES = r'''
- name: Block specific IP
iptables:
chain: INPUT
source: 8.8.8.8
jump: DROP
become: yes
# Forward port 80 to 8600
- iptables:
- name: Forward port 80 to 8600
iptables:
table: nat
chain: PREROUTING
in_interface: eth0
@ -306,15 +329,15 @@ EXAMPLES = '''
comment: Redirect web traffic to port 8600
become: yes
# Allow related and established connections
- iptables:
- name: Allow related and established connections
iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
become: yes
# Allow new incoming SYN packets on TCP port 22 (SSH).
- iptables:
- name: Allow new incoming SYN packets on TCP port 22 (SSH).
iptables:
chain: INPUT
protocol: tcp
destination_port: 22
@ -323,44 +346,44 @@ EXAMPLES = '''
jump: ACCEPT
comment: Accept new SSH connections.
# Tag all outbound tcp packets with DSCP mark 8
- iptables:
- name: Tag all outbound tcp packets with DSCP mark 8
iptables:
chain: OUTPUT
jump: DSCP
table: mangle
set_dscp_mark: 8
protocol: tcp
# Tag all outbound tcp packets with DSCP DiffServ class CS1
- iptables:
- name: Tag all outbound tcp packets with DSCP DiffServ class CS1
iptables:
chain: OUTPUT
jump: DSCP
table: mangle
set_dscp_mark_class: CS1
protocol: tcp
# Insert a rule on line 5
- iptables:
- name: Insert a rule on line 5
iptables:
chain: INPUT
protocol: tcp
destination_port: 8080
jump: ACCEPT
rule_num: 5
# Set the policy for the INPUT chain to DROP
- iptables:
- name: Set the policy for the INPUT chain to DROP
iptables:
chain: INPUT
policy: DROP
# Reject tcp with tcp-reset
- iptables:
- name: Reject tcp with tcp-reset
iptables:
chain: INPUT
protocol: tcp
reject_with: tcp-reset
ip_version: ipv4
# Set tcp flags
- iptables:
- name: Set tcp flags
iptables:
chain: OUTPUT
jump: DROP
protocol: tcp
@ -381,7 +404,7 @@ EXAMPLES = '''
- name: iptables flush nat
iptables:
table: nat
chain: "{{ item }}"
chain: '{{ item }}'
flush: yes
with_items: [ 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING' ]
'''

46
lib/ansible/modules/system/java_cert.py
View file

@ -1,5 +1,6 @@
#!/usr/bin/python
#
# -*- coding: utf-8 -*-
# Copyright: (c) 2013, RSD Services S.A
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: java_cert
version_added: '2.3'
@ -21,62 +22,75 @@ description:
options:
cert_url:
description:
- Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate.
- Basic URL to fetch SSL certificate from.
- One of iC(cert_url) or C(cert_path) is required to load certificate.
type: str
cert_port:
description:
- Port to connect to URL. This will be used to create server URL:PORT
- Port to connect to URL.
- This will be used to create server URL:PORT.
type: int
default: 443
cert_path:
description:
- Local path to load certificate from. One of cert_url or cert_path is required to load certificate.
- Local path to load certificate from.
- One of cert_url or cert_path is required to load certificate.
type: path
cert_alias:
description:
- Imported certificate alias. The alias is used when checking for the
presence of a certificate in the keystore.
- Imported certificate alias.
- The alias is used when checking for the presence of a certificate in the keystore.
type: str
pkcs12_path:
description:
- Local path to load PKCS12 keystore from.
type: path
version_added: "2.4"
pkcs12_password:
description:
- Password for importing from PKCS12 keystore.
type: str
default: ''
version_added: "2.4"
pkcs12_alias:
description:
- Alias in the PKCS12 keystore.
default: 1
type: str
version_added: "2.4"
keystore_path:
description:
- Path to keystore.
type: path
keystore_pass:
description:
- Keystore password.
type: str
required: true
keystore_create:
description:
- Create keystore if it doesn't exist
- Create keystore if it does not exist.
type: bool
keystore_type:
description:
- Keystore type (JCEKS, JKS).
default: None
type: str
version_added: "2.8"
executable:
description:
- Path to keytool binary if not used we search in PATH for it.
type: str
default: keytool
state:
description:
- Defines action which can be either certificate import or removal.
type: str
choices: [ absent, present ]
default: present
author:
- Adam Hamsik (@haad)
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Import SSL certificate from google.com to a given cacerts keystore
java_cert:
cert_url: google.com
@ -123,7 +137,7 @@ EXAMPLES = '''
state: present
'''
RETURN = '''
RETURN = r'''
msg:
description: Output from stdout of keytool command after execution of given command.
returned: success
@ -131,13 +145,13 @@ msg:
sample: "Module require existing keystore at keystore_path '/tmp/test/cacerts'"
rc:
description: Keytool command execution return value
description: Keytool command execution return value.
returned: success
type: int
sample: "0"
cmd:
description: Executed command to get action done
description: Executed command to get action done.
returned: success
type: str
sample: "keytool -importcert -noprompt -keystore"
@ -310,11 +324,11 @@ def main():
pkcs12_password=dict(type='str', no_log=True),
pkcs12_alias=dict(type='str'),
cert_alias=dict(type='str'),
cert_port=dict(type='int', default='443'),
cert_port=dict(type='int', default=443),
keystore_path=dict(type='path'),
keystore_pass=dict(type='str', required=True, no_log=True),
keystore_create=dict(type='bool', default=False),
keystore_type=dict(type='str', default=None),
keystore_type=dict(type='str'),
executable=dict(type='str', default='keytool'),
state=dict(type='str', default='present', choices=['absent', 'present']),
)

39
lib/ansible/modules/system/make.py
View file

@ -1,23 +1,22 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
# Copyright: (c) 2015, Linus Unnebäck <linus@folkdatorn.se>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: make
short_description: Run targets in a Makefile
requirements: [ make ]
requirements:
- make
version_added: "2.1"
author: Linus Unnebäck (@LinusU) <linus@folkdatorn.se>
description:
@ -26,21 +25,25 @@ options:
target:
description:
- The target to run.
- "Examples: C(install) or C(test)"
- Typically this would be something like C(install),C(test) or C(all)."
type: str
params:
description:
- Any extra parameters to pass to make
- Any extra parameters to pass to make.
type: dict
chdir:
description:
- Change to this directory before running make
- Change to this directory before running make.
type: path
required: true
file:
description:
- Use a custom Makefile
version_added: 2.5
- Use a custom Makefile.
type: path
version_added: '2.5'
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Build the default target
make:
chdir: /home/ubuntu/cool-project
@ -66,9 +69,7 @@ EXAMPLES = '''
file: /some-project/Makefile
'''
# TODO: Disabled the RETURN as it was breaking docs building. Someone needs to
# fix this
RETURN = '''# '''
RETURN = r'''# '''
from ansible.module_utils.six import iteritems
from ansible.module_utils.basic import AnsibleModule
@ -105,13 +106,13 @@ def sanitize_output(output):
def main():
module = AnsibleModule(
supports_check_mode=True,
argument_spec=dict(
target=dict(required=False, default=None, type='str'),
params=dict(required=False, default=None, type='dict'),
chdir=dict(required=True, default=None, type='path'),
file=dict(required=False, default=None, type='path')
target=dict(type='str'),
params=dict(type='dict'),
chdir=dict(type='path', required=True),
file=dict(type='path'),
),
supports_check_mode=True,
)
# Build up the invocation of `make` we are going to use
# For non-Linux OSes, prefer gmake (GNU make) over make

52
lib/ansible/modules/system/mount.py
View file

@ -13,7 +13,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'core'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: mount
short_description: Control active and configured mount points
@ -27,33 +27,41 @@ options:
path:
description:
- Path to the mount point (e.g. C(/mnt/files)).
- Before 2.3 this option was only usable as I(dest), I(destfile) and
I(name).
- Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
type: path
required: true
aliases: [ name ]
src:
description:
- Device to be mounted on I(path). Required when I(state) set to
C(present) or C(mounted).
- Device to be mounted on I(path).
- Required when I(state) set to C(present) or C(mounted).
type: path
fstype:
description:
- Filesystem type. Required when I(state) is C(present) or C(mounted).
- Filesystem type.
- Required when I(state) is C(present) or C(mounted).
type: str
opts:
description:
- Mount options (see fstab(5), or vfstab(4) on Solaris).
type: str
dump:
description:
- Dump (see fstab(5)). Note that if set to C(null) and I(state) set to
C(present), it will cease to work and duplicate entries will be made
- Dump (see fstab(5)).
- Note that if set to C(null) and I(state) set to C(present),
it will cease to work and duplicate entries will be made
with subsequent runs.
- Has no effect on Solaris systems.
type: str
default: 0
passno:
description:
- Passno (see fstab(5)). Note that if set to C(null) and I(state) set to
C(present), it will cease to work and duplicate entries will be made
- Passno (see fstab(5)).
- Note that if set to C(null) and I(state) set to C(present),
it will cease to work and duplicate entries will be made
with subsequent runs.
- Deprecated on Solaris systems.
type: str
default: 0
state:
description:
@ -66,38 +74,38 @@ options:
- C(absent) specifies that the device mount's entry will be removed from
I(fstab) and will also unmount the device and remove the mount
point.
type: str
required: true
choices: [ absent, mounted, present, unmounted ]
fstab:
description:
- File to use instead of C(/etc/fstab). You shouldn't use this option
unless you really know what you are doing. This might be useful if
you need to configure mountpoints in a chroot environment. OpenBSD
does not allow specifying alternate fstab files with mount so do not
use this on OpenBSD with any state that operates on the live
filesystem.
default: /etc/fstab (/etc/vfstab on Solaris)
- File to use instead of C(/etc/fstab).
- You should npt use this option unless you really know what you are doing.
- This might be useful if you need to configure mountpoints in a chroot environment.
- OpenBSD does not allow specifying alternate fstab files with mount so do not
use this on OpenBSD with any state that operates on the live filesystem.
- This parameter defaults to /etc/fstab or /etc/vfstab on Solaris.
type: str
boot:
description:
- Determines if the filesystem should be mounted on boot.
- Only applies to Solaris systems.
type: bool
default: 'yes'
default: yes
version_added: '2.2'
backup:
description:
- Create a backup file including the timestamp information so you can get
the original file back if you somehow clobbered it incorrectly.
required: false
type: bool
default: "no"
default: no
version_added: '2.5'
notes:
- As of Ansible 2.3, the I(name) option has been changed to I(path) as
default, but I(name) still works as well.
'''
EXAMPLES = '''
EXAMPLES = r'''
# Before 2.3, option 'name' was used instead of 'path'
- name: Mount DVD read-only
mount:
@ -583,7 +591,7 @@ def main():
opts=dict(type='str'),
passno=dict(type='str'),
src=dict(type='path'),
backup=dict(default=False, type='bool'),
backup=dict(type='bool', default=False),
state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted']),
),
supports_check_mode=True,

113
lib/ansible/modules/system/open_iscsi.py
View file

@ -1,23 +1,23 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2013, Serge van Ginderachter <serge@vanginderachter.be>
# Copyright: (c) 2013, Serge van Ginderachter <serge@vanginderachter.be>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: open_iscsi
author: "Serge van Ginderachter (@srvg)"
author:
- Serge van Ginderachter (@srvg)
version_added: "1.4"
short_description: Manage iscsi targets with open-iscsi
short_description: Manage iSCSI targets with Open-iSCSI
description:
- Discover targets on given portal, (dis)connect targets, mark targets to
manually or auto start, return device nodes of connected targets.
@ -25,85 +25,80 @@ requirements:
- open_iscsi library and tools (iscsiadm)
options:
portal:
required: false
aliases: [ip]
description:
- the ip address of the iscsi target
- The IP address of the iSCSI target.
type: str
aliases: [ ip ]
port:
required: false
description:
- The port on which the iSCSI target process listens.
type: str
default: 3260
description:
- the port on which the iscsi target process listens
target:
required: false
aliases: [name, targetname]
description:
- the iscsi target name
- The iSCSI target name.
type: str
aliases: [ name, targetname ]
login:
required: false
type: bool
description:
- whether the target node should be connected
- Whether the target node should be connected.
type: bool
aliases: [ state ]
node_auth:
required: false
description:
- The value for C(discovery.sendtargets.auth.authmethod).
type: str
default: CHAP
description:
- discovery.sendtargets.auth.authmethod
node_user:
required: false
description:
- discovery.sendtargets.auth.username
- The value for C(discovery.sendtargets.auth.username).
type: str
node_pass:
required: false
description:
- discovery.sendtargets.auth.password
- The value for C(discovery.sendtargets.auth.password).
type: str
auto_node_startup:
aliases: [automatic]
required: false
type: bool
description:
- whether the target node should be automatically connected at startup
- Whether the target node should be automatically connected at startup.
type: bool
aliases: [ automatic ]
discover:
required: false
type: bool
description:
- whether the list of target nodes on the portal should be
(re)discovered and added to the persistent iscsi database.
Keep in mind that iscsiadm discovery resets configurtion, like node.startup
to manual, hence combined with auto_node_startup=yes will always return
- Whether the list of target nodes on the portal should be
(re)discovered and added to the persistent iSCSI database.
- Keep in mind that C(iscsiadm) discovery resets configuration, like C(node.startup)
to manual, hence combined with C(auto_node_startup=yes) will always return
a changed state.
show_nodes:
required: false
type: bool
show_nodes:
description:
- whether the list of nodes in the persistent iscsi database should be
returned by the module
- Whether the list of nodes in the persistent iSCSI database should be returned by the module.
type: bool
'''
EXAMPLES = '''
# perform a discovery on 10.1.2.3 and show available target nodes
- open_iscsi:
EXAMPLES = r'''
- name: Perform a discovery on 10.1.2.3 and show available target nodes
open_iscsi:
show_nodes: yes
discover: yes
portal: 10.1.2.3
# discover targets on portal and login to the one available
# (only works if exactly one target is exported to the initiator)
- open_iscsi:
# NOTE: Only works if exactly one target is exported to the initiator
- name: Discover targets on portal and login to the one available
open_iscsi:
portal: '{{ iscsi_target }}'
login: yes
discover: yes
# description: connect to the named target, after updating the local
# persistent database (cache)
- open_iscsi:
- name: Connect to the named target, after updating the local persistent database (cache)
open_iscsi:
login: yes
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
# description: discconnect from the cached named target
- open_iscsi:
- name: Discconnect from the cached named target
open_iscsi:
login: no
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
'''
import glob
@ -256,23 +251,23 @@ def main():
argument_spec=dict(
# target
portal=dict(required=False, aliases=['ip']),
port=dict(required=False, default=3260),
target=dict(required=False, aliases=['name', 'targetname']),
node_auth=dict(required=False, default='CHAP'),
node_user=dict(required=False),
node_pass=dict(required=False, no_log=True),
portal=dict(type='str', aliases=['ip']),
port=dict(type='str', default=3260),
target=dict(type='str', aliases=['name', 'targetname']),
node_auth=dict(type='str', default='CHAP'),
node_user=dict(type='str'),
node_pass=dict(type='str', no_log=True),
# actions
login=dict(type='bool', aliases=['state']),
auto_node_startup=dict(type='bool', aliases=['automatic']),
discover=dict(type='bool', default=False),
show_nodes=dict(type='bool', default=False)
show_nodes=dict(type='bool', default=False),
),
required_together=[['discover_user', 'discover_pass'],
['node_user', 'node_pass']],
supports_check_mode=True
supports_check_mode=True,
)
global iscsiadm_cmd

100
lib/ansible/modules/system/osx_defaults.py
View file

@ -1,65 +1,77 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2014, GeekChimp - Franck Nijhof <franck@geekchimp.com>
# Copyright: (c) 2014, GeekChimp - Franck Nijhof <franck@geekchimp.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: osx_defaults
author: Franck Nijhof (@frenck)
short_description: osx_defaults allows users to read, write, and delete macOS user defaults from Ansible
author:
- Franck Nijhof (@frenck)
short_description: Manage macOS user defaults
description:
- osx_defaults allows users to read, write, and delete macOS user defaults from Ansible scripts.
macOS applications and other programs use the defaults system to record user preferences and other
information that must be maintained when the applications aren't running (such as default font for new
- macOS applications and other programs use the defaults system to record user preferences and other
information that must be maintained when the applications are not running (such as default font for new
documents, or the position of an Info panel).
version_added: "2.0"
options:
domain:
description:
- The domain is a domain name of the form com.companyname.appname.
- The domain is a domain name of the form C(com.companyname.appname).
type: str
default: NSGlobalDomain
host:
description:
- The host on which the preference should apply. The special value "currentHost" corresponds to the
"-currentHost" switch of the defaults commandline tool.
- The host on which the preference should apply.
- The special value C(currentHost) corresponds to the C(-currentHost) switch of the defaults commandline tool.
type: str
version_added: "2.1"
key:
description:
- The key of the user preference
- The key of the user preference.
type: str
required: true
type:
description:
- The type of value to write.
type: str
choices: [ array, bool, boolean, date, float, int, integer, string ]
default: string
choices: [ "array", "bool", "boolean", "date", "float", "int", "integer", "string" ]
array_add:
description:
- Add new elements to the array for a key which has an array as its value.
type: bool
default: 'no'
default: no
value:
description:
- The value to write. Only required when state = present.
- The value to write.
- Only required when C(state=present).
type: raw
state:
description:
- The state of the user defaults
- The state of the user defaults.
type: str
choices: [ absent, present ]
default: present
choices: [ "present", "absent" ]
path:
description:
- The path in which to search for C(osx_defaults).
type: str
default: /usr/bin:/usr/local/bin
notes:
- Apple Mac caches defaults. You may need to logout and login to apply the changes.
'''
EXAMPLES = '''
EXAMPLES = r'''
- osx_defaults:
domain: com.apple.Safari
key: IncludeInternalDebugMenu
@ -345,52 +357,14 @@ class OSXDefaults(object):
def main():
module = AnsibleModule(
argument_spec=dict(
domain=dict(
default="NSGlobalDomain",
required=False,
),
host=dict(
default=None,
required=False,
),
key=dict(
default=None,
),
type=dict(
default="string",
required=False,
choices=[
"array",
"bool",
"boolean",
"date",
"float",
"int",
"integer",
"string",
],
),
array_add=dict(
default=False,
required=False,
type='bool',
),
value=dict(
default=None,
required=False,
type='raw'
),
state=dict(
default="present",
required=False,
choices=[
"absent", "present"
],
),
path=dict(
default="/usr/bin:/usr/local/bin",
required=False,
)
domain=dict(type='str', default='NSGlobalDomain'),
host=dict(type='str'),
key=dict(type='str'),
type=dict(type='str', default='string', choices=['array', 'bool', 'boolean', 'date', 'float', 'int', 'integer', 'string']),
array_add=dict(type='bool', default=False),
value=dict(type='raw'),
state=dict(type='str', default='present', choices=['absent', 'present']),
path=dict(type='str', default='/usr/bin:/usr/local/bin'),
),
supports_check_mode=True,
)

12
lib/ansible/modules/system/pamd.py
View file

@ -36,6 +36,7 @@ options:
- The C(type), C(control) and C(module_path) all must match a rule to be modified.
type: str
required: true
choices: [ account, -account, auth, -auth, password, -password, session, -session ]
control:
description:
- The control of the PAM rule being modified.
@ -54,6 +55,7 @@ options:
description:
- The new type to assign to the new rule.
type: str
choices: [ account, -account, auth, -auth, password, -password, session, -session ]
new_control:
description:
- The new control to assign to the new rule.
@ -87,9 +89,9 @@ options:
default: updated
path:
description:
- This is the path to the PAM service files
- This is the path to the PAM service files.
type: path
default: /etc/pam.d/
default: /etc/pam.d
backup:
description:
- Create a backup file including the timestamp information so you can
@ -224,7 +226,7 @@ EXAMPLES = r'''
RETURN = r'''
change_count:
description: How many rules were changed
description: How many rules were changed.
type: int
sample: 1
returned: success
@ -791,9 +793,9 @@ def main():
("state", "before", ["new_module_path"]),
("state", "after", ["new_control"]),
("state", "after", ["new_type"]),
("state", "after", ["new_module_path"])
("state", "after", ["new_module_path"]),
]
],
)
content = str()
fname = os.path.join(module.params["path"], module.params["name"])

56
lib/ansible/modules/system/puppet.py
View file

@ -1,4 +1,5 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2015, Hewlett-Packard Development Company, L.P.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: puppet
short_description: Runs puppet
@ -21,65 +22,80 @@ options:
timeout:
description:
- How long to wait for I(puppet) to finish.
type: str
default: 30m
puppetmaster:
description:
- The hostname of the puppetmaster to contact.
type: str
modulepath:
description:
- Path to an alternate location for puppet modules.
type: str
version_added: "2.4"
manifest:
description:
- Path to the manifest file to run puppet apply on.
type: str
noop:
description:
- Override puppet.conf noop mode.
- Undefined, use default or puppet.conf value if defined.
- true, Run Puppet agent with C(--noop) switch set.
- false, Run Puppet agent with C(--no-noop) switch set.
- When C(yes), run Puppet agent with C(--noop) switch set.
- When C(no), run Puppet agent with C(--no-noop) switch set.
- When unset (default), use default or puppet.conf value if defined.
type: bool
version_added: "2.8"
facts:
description:
- A dict of values to pass in as persistent external facter facts.
type: dict
facter_basename:
description:
- Basename of the facter output file.
type: str
default: ansible
environment:
description:
- Puppet environment to be used.
type: str
logdest:
description: |
Where the puppet logs should go, if puppet apply is being used. C(all)
will go to both C(stdout) and C(syslog).
choices: [ stdout, syslog, all ]
description:
- Where the puppet logs should go, if puppet apply is being used.
- C(all) will go to both C(stdout) and C(syslog).
type: str
choices: [ all, stdout, syslog ]
default: stdout
version_added: "2.1"
certname:
description:
- The name to use when handling certificates.
type: str
version_added: "2.1"
tags:
description:
- A comma-separated list of puppet tags to be used.
- A list of puppet tags to be used.
type: list
version_added: "2.1"
execute:
description:
- Execute a specific piece of Puppet code.
- It has no effect with a puppetmaster.
type: str
version_added: "2.1"
summarize:
description:
- Whether to print a transaction summary
- Whether to print a transaction summary.
type: bool
version_added: "2.7"
verbose:
description:
- Print extra information
- Print extra information.
type: bool
version_added: "2.7"
debug:
description:
- Enable full debugging
- Enable full debugging.
type: bool
version_added: "2.7"
requirements:
- puppet
@ -87,7 +103,7 @@ author:
- Monty Taylor (@emonty)
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Run puppet agent and fail if anything goes wrong
puppet:
@ -109,11 +125,13 @@ EXAMPLES = '''
- name: Run puppet using a specific tags
puppet:
tags: update,nginx
tags:
- update
- nginx
- name: Run puppet agent in noop mode
puppet:
noop: true
noop: yes
- name: Run a manifest with debug, log to both syslog and stdout, specify module path
puppet:
@ -160,9 +178,9 @@ def main():
modulepath=dict(type='str'),
manifest=dict(type='str'),
noop=dict(required=False, type='bool'),
logdest=dict(type='str', default='stdout', choices=['stdout',
'syslog',
'all']),
logdest=dict(type='str', default='stdout', choices=['all',
'stdout',
'syslog']),
# internal code to work with --diff, do not use
show_diff=dict(type='bool', default=False, aliases=['show-diff']),
facts=dict(type='dict'),
@ -179,7 +197,7 @@ def main():
mutually_exclusive=[
('puppetmaster', 'manifest'),
('puppetmaster', 'manifest', 'execute'),
('puppetmaster', 'modulepath')
('puppetmaster', 'modulepath'),
],
)
p = module.params

17
lib/ansible/modules/system/runit.py
View file

@ -1,6 +1,6 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2015, Brian Coca <bcoca@ansible.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -13,19 +13,20 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
# This is a modification of @bcoca's `svc` module
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: runit
author:
- James Sumners (@jsumners)
version_added: "2.3"
short_description: Manage runit services
short_description: Manage runit services
description:
- Controls runit services on remote hosts using the sv utility.
options:
name:
description:
- Name of the service to manage.
type: str
required: yes
state:
description:
@ -35,6 +36,7 @@ options:
C(reloaded) will send a HUP (sv reload).
C(once) will run a normally downed sv once (sv once), not really
an idempotent operation.
type: str
choices: [ killed, once, reloaded, restarted, started, stopped ]
enabled:
description:
@ -43,14 +45,16 @@ options:
service_dir:
description:
- directory runsv watches for services
type: str
default: /var/service
service_src:
description:
- directory where services are defined, the source of symlinks to service_dir.
type: str
default: /etc/sv
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Start sv dnscache, if not running
runit:
name: dnscache
@ -85,7 +89,6 @@ EXAMPLES = '''
import os
import re
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_native
@ -226,7 +229,7 @@ class Sv(object):
try:
(rc, out, err) = self.module.run_command(' '.join(cmd))
except Exception as e:
self.module.fail_json(msg="failed to execute: %s" % to_native(e), exception=traceback.format_exc())
self.module.fail_json(msg="failed to execute: %s" % to_native(e))
return (rc, out, err)
def report(self):
@ -268,7 +271,7 @@ def main():
else:
sv.disable()
except (OSError, IOError) as e:
module.fail_json(msg="Could not change service link: %s" % to_native(e), exception=traceback.format_exc())
module.fail_json(msg="Could not change service link: %s" % to_native(e))
if state is not None and state != sv.state:
changed = True

13
lib/ansible/modules/system/sefcontext.py
View file

@ -1,4 +1,5 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2016, Dag Wieers (@dagwieers) <dag@wieers.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -38,10 +39,12 @@ options:
- C(p) for named pipes,
- C(s) for socket files.
type: str
choices: [ a, b, c, d, f, l, p, s ]
default: a
setype:
description:
- SELinux type for the specified target.
type: str
required: yes
seuser:
description:
@ -63,12 +66,12 @@ options:
- Reload SELinux policy after commit.
- Note that this does not apply SELinux file contexts to existing files.
type: bool
default: 'yes'
default: yes
ignore_selinux_state:
description:
- Useful for scenarios (chrooted environment) that you can't get the real SELinux state.
type: bool
default: false
default: no
version_added: '2.8'
notes:
- The changes are persistent across reboots.
@ -125,7 +128,7 @@ except ImportError:
# Add missing entries (backward compatible)
if HAVE_SEOBJECT:
seobject.file_types.update(dict(
seobject.file_types.update(
a=seobject.SEMANAGE_FCONTEXT_ALL,
b=seobject.SEMANAGE_FCONTEXT_BLOCK,
c=seobject.SEMANAGE_FCONTEXT_CHAR,
@ -134,7 +137,7 @@ if HAVE_SEOBJECT:
l=seobject.SEMANAGE_FCONTEXT_LINK,
p=seobject.SEMANAGE_FCONTEXT_PIPE,
s=seobject.SEMANAGE_FCONTEXT_SOCK,
))
)
# Make backward compatible
option_to_file_type_str = dict(
@ -252,7 +255,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
ignore_selinux_state=dict(type='bool', default=False),
target=dict(required=True, aliases=['path']),
target=dict(type='str', required=True, aliases=['path']),
ftype=dict(type='str', default='a', choices=option_to_file_type_str.keys()),
setype=dict(type='str', required=True),
seuser=dict(type='str'),

77
lib/ansible/modules/system/selinux.py
View file

@ -1,86 +1,85 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2012, Derek Carter<goozbach@friocorte.com>
# Copyright: (c) 2012, Derek Carter<goozbach@friocorte.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {
'metadata_version': '1.1',
'status': ['stableinterface'],
'supported_by': 'core'
}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: selinux
short_description: Change policy and state of SELinux
description:
- Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required.
- Configures the SELinux mode and policy.
- A reboot may be required after usage.
- Ansible will not issue this reboot but will let you know when it is required.
version_added: "0.7"
options:
policy:
description:
- "name of the SELinux policy to use (example: C(targeted)) will be required if state is not C(disabled)"
- The name of the SELinux policy to use (e.g. C(targeted)) will be required if state is not C(disabled).
state:
description:
- The SELinux mode
- The SELinux mode.
required: true
choices: [ "enforcing", "permissive", "disabled" ]
conf:
choices: [ disabled, enforcing, permissive ]
configfile:
description:
- path to the SELinux configuration file, if non-standard
default: "/etc/selinux/config"
aliases: ['configfile', 'file']
notes:
- Not tested on any debian based system
- The path to the SELinux configuration file, if non-standard.
default: /etc/selinux/config
aliases: [ conf, file ]
requirements: [ libselinux-python ]
author: "Derek Carter (@goozbach) <goozbach@friocorte.com>"
author:
- Derek Carter (@goozbach) <goozbach@friocorte.com>
'''
EXAMPLES = '''
# Enable SELinux
- selinux:
EXAMPLES = r'''
- name: Enable SELinux
selinux:
policy: targeted
state: enforcing
# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
- name: Put SELinux in permissive mode, logging actions that would be blocked.
selinux:
policy: targeted
state: permissive
# Disable SELinux
- selinux:
- name: Disable SELinux
selinux:
state: disabled
'''
RETURN = '''
RETURN = r'''
msg:
description: Messages that describe changes that were made
description: Messages that describe changes that were made.
returned: always
type: str
sample: Config SELinux state changed from 'disabled' to 'permissive'
configfile:
description: Path to SELinux configuration file
description: Path to SELinux configuration file.
returned: always
type: str
sample: /etc/selinux/config
policy:
description: Name of the SELinux policy
description: Name of the SELinux policy.
returned: always
type: str
sample: targeted
state:
description: SELinux mode
description: SELinux mode.
returned: always
type: str
sample: enforcing
reboot_required:
description: Whether or not an reboot is required for the changes to take effect
description: Whether or not an reboot is required for the changes to take effect.
returned: always
type: bool
sample: true
@ -171,11 +170,11 @@ def set_config_policy(module, policy, configfile):
def main():
module = AnsibleModule(
argument_spec=dict(
policy=dict(required=False),
state=dict(choices=['enforcing', 'permissive', 'disabled'], required=True),
configfile=dict(aliases=['conf', 'file'], default='/etc/selinux/config')
policy=dict(type='str'),
state=dict(type='str', required='True', choices=['enforcing', 'permissive', 'disabled']),
configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
),
supports_check_mode=True
supports_check_mode=True,
)
if not HAS_SELINUX:
@ -210,7 +209,7 @@ def main():
# check to see if policy is set if state is not 'disabled'
if state != 'disabled':
if not policy:
module.fail_json(msg='Policy is required if state is not \'disabled\'')
module.fail_json(msg="Policy is required if state is not 'disabled'")
else:
if not policy:
policy = config_policy
@ -220,14 +219,14 @@ def main():
if module.check_mode:
module.exit_json(changed=True)
# cannot change runtime policy
msgs.append('Running SELinux policy changed from \'%s\' to \'%s\'' % (runtime_policy, policy))
msgs.append("Running SELinux policy changed from '%s' to '%s'" % (runtime_policy, policy))
changed = True
if policy != config_policy:
if module.check_mode:
module.exit_json(changed=True)
set_config_policy(module, policy, configfile)
msgs.append('SELinux policy configuration in \'%s\' changed from \'%s\' to \'%s\'' % (configfile, config_policy, policy))
msgs.append("SELinux policy configuration in '%s' changed from '%s' to '%s'" % (configfile, config_policy, policy))
changed = True
if state != runtime_state:
@ -237,7 +236,7 @@ def main():
# Temporarily set state to permissive
if not module.check_mode:
set_state(module, 'permissive')
module.warn('SELinux state temporarily changed from \'%s\' to \'permissive\'. State change will take effect next reboot.' % (runtime_state))
module.warn("SELinux state temporarily changed from '%s' to 'permissive'. State change will take effect next reboot." % (runtime_state))
changed = True
else:
module.warn('SELinux state change will take effect next reboot')
@ -245,19 +244,19 @@ def main():
else:
if not module.check_mode:
set_state(module, state)
msgs.append('SELinux state changed from \'%s\' to \'%s\'' % (runtime_state, state))
msgs.append("SELinux state changed from '%s' to '%s'" % (runtime_state, state))
# Only report changes if the file is changed.
# This prevents the task from reporting changes every time the task is run.
changed = True
else:
module.warn("Reboot is required to set SELinux state to %s" % state)
module.warn("Reboot is required to set SELinux state to '%s'" % state)
reboot_required = True
if state != config_state:
if not module.check_mode:
set_config_state(module, state, configfile)
msgs.append('Config SELinux state changed from \'%s\' to \'%s\'' % (config_state, state))
msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
changed = True
module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)

29
lib/ansible/modules/system/selinux_permissive.py
View file

@ -1,20 +1,18 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2015, Michael Scherer <misc@zarb.org>
# Copyright: (c) 2015, Michael Scherer <misc@zarb.org>
# inspired by code of github.com/dandiker/
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: selinux_permissive
short_description: Change permissive domain in SELinux policy
@ -25,29 +23,34 @@ options:
domain:
description:
- The domain that will be added or removed from the list of permissive domains.
type: str
required: true
default: ''
aliases: [ name ]
permissive:
description:
- Indicate if the domain should or should not be set as permissive.
required: true
type: bool
required: true
no_reload:
description:
- Disable reloading of the SELinux policy after making change to a domain's permissive setting.
- The default is C(no), which causes policy to be reloaded when a domain changes state.
- Reloading the policy does not work on older versions of the C(policycoreutils-python) library, for example in EL 6."
type: bool
default: 'no'
default: no
store:
description:
- "Name of the SELinux policy store to use."
- Name of the SELinux policy store to use.
type: str
notes:
- Requires a recent version of SELinux and C(policycoreutils-python) (EL 6 or newer).
requirements: [ policycoreutils-python ]
author: Michael Scherer (@mscherer) <misc@zarb.org>
author:
- Michael Scherer (@mscherer) <misc@zarb.org>
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Change the httpd_t domain to permissive
selinux_permissive:
name: httpd_t
@ -71,12 +74,12 @@ from ansible.module_utils._text import to_native
def main():
module = AnsibleModule(
argument_spec=dict(
domain=dict(aliases=['name'], required=True),
store=dict(required=False, default=''),
domain=dict(type='str', required=True, aliases=['name']),
store=dict(type='str', default=''),
permissive=dict(type='bool', required=True),
no_reload=dict(type='bool', required=False, default=False),
no_reload=dict(type='bool', default=False),
),
supports_check_mode=True
supports_check_mode=True,
)
# global vars

19
lib/ansible/modules/system/seport.py
View file

@ -1,4 +1,5 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2014, Dan Keder <dan.keder@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: seport
short_description: Manages SELinux network port type definitions
@ -20,33 +21,37 @@ version_added: "2.0"
options:
ports:
description:
- Ports or port ranges. Can be a list (since 2.6) or comma separated string.
- Ports or port ranges.
- Can be a list (since 2.6) or comma separated string.
type: list
required: true
proto:
description:
- Protocol for the specified port.
type: str
required: true
choices: [ tcp, udp ]
setype:
description:
- SELinux type for the specified port.
type: str
required: true
state:
description:
- Desired boolean value.
required: true
type: str
choices: [ absent, present ]
default: present
reload:
description:
- Reload SELinux policy after commit.
type: bool
default: 'yes'
default: yes
ignore_selinux_state:
description:
- Run independent of selinux runtime state
type: bool
default: false
default: no
version_added: '2.8'
notes:
- The changes are persistent across reboots.
@ -58,7 +63,7 @@ author:
- Dan Keder (@dankeder)
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Allow Apache to listen on tcp port 8888
seport:
ports: 8888
@ -258,7 +263,7 @@ def main():
ports=dict(type='list', required=True),
proto=dict(type='str', required=True, choices=['tcp', 'udp']),
setype=dict(type='str', required=True),
state=dict(type='str', required=True, choices=['absent', 'present']),
state=dict(type='str', default='present', choices=['absent', 'present']),
reload=dict(type='bool', default=True),
),
supports_check_mode=True,

4
lib/ansible/modules/system/service.py
View file

@ -72,8 +72,8 @@ options:
aliases: [ args ]
use:
description:
- The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module.
- Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found.
- The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module.
- Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found.
type: str
default: auto
version_added: 2.2

28
lib/ansible/modules/system/solaris_zone.py
View file

@ -1,6 +1,7 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2015, Paul Markham <pmarkham@netrefinery.com>
# Copyright: (c) 2015, Paul Markham <pmarkham@netrefinery.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
@ -10,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: solaris_zone
short_description: Manage Solaris zones
description:
- Create, start, stop and delete Solaris zones. This module doesn't currently allow
changing of options for a zone that's already been created.
- Create, start, stop and delete Solaris zones.
- This module does not currently allow changing of options for a zone that is already been created.
version_added: "2.0"
author:
- Paul Markham (@pmarkham)
@ -35,50 +36,59 @@ options:
- C(configured), configure the ready so that it's to be attached.
- C(attached), attach a zone, but do not boot it.
- C(detached), shutdown and detach a zone
type: str
choices: [ absent, attached, configured, detached, installed, present, running, started, stopped ]
default: present
required: true
name:
description:
- Zone name.
type: str
required: true
path:
description:
- The path where the zone will be created. This is required when the zone is created, but not
used otherwise.
type: str
sparse:
description:
- Whether to create a sparse (C(true)) or whole root (C(false)) zone.
type: bool
default: 'no'
default: no
root_password:
description:
- The password hash for the root account. If not specified, the zone's root account
will not have a password.
type: str
config:
description:
- 'The zonecfg configuration commands for this zone. See zonecfg(1M) for the valid options
and syntax. Typically this is a list of options separated by semi-colons or new lines, e.g.
"set auto-boot=true;add net;set physical=bge0;set address=10.1.1.1;end"'
default: empty string
type: str
default: ''
create_options:
description:
- 'Extra options to the zonecfg(1M) create command.'
default: empty string
type: str
default: ''
install_options:
description:
- 'Extra options to the zoneadm(1M) install command. To automate Solaris 11 zone creation,
use this to specify the profile XML file, e.g. install_options="-c sc_profile.xml"'
default: empty string
type: str
default: ''
attach_options:
description:
- 'Extra options to the zoneadm attach command. For example, this can be used to specify
whether a minimum or full update of packages is required and if any packages need to
be deleted. For valid values, see zoneadm(1M)'
default: empty string
type: str
default: ''
timeout:
description:
- Timeout, in seconds, for zone to boot.
type: int
default: 600
'''

38
lib/ansible/modules/system/ufw.py
View file

@ -14,7 +14,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
---
module: ufw
short_description: Manage firewall with UFW
@ -36,20 +36,24 @@ options:
- C(disabled) unloads firewall and disables firewall on boot.
- C(reloaded) reloads firewall.
- C(reset) disables and resets firewall to installation defaults.
type: str
choices: [ disabled, enabled, reloaded, reset ]
policy:
default:
description:
- Change the default policy for incoming or outgoing traffic.
aliases: [ default ]
type: str
choices: [ allow, deny, reject ]
aliases: [ policy ]
direction:
description:
- Select direction for a rule or default policy command.
type: str
choices: [ in, incoming, out, outgoing, routed ]
logging:
description:
- Toggles logging. Logged packets use the LOG_KERN syslog facility.
choices: [ on, off, low, medium, high, full ]
type: str
choices: [ 'on', 'off', low, medium, high, full ]
insert:
description:
- Insert the corresponding rule as rule number NUM.
@ -72,18 +76,15 @@ options:
- C(last-ipv6) interprets the rule number relative to the index of the
last IPv6 rule, or relative to the position where the last IPv6 rule
would be if there is currently none.
choices:
- zero
- first-ipv4
- last-ipv4
- first-ipv6
- last-ipv6
type: str
choices: [ first-ipv4, first-ipv6, last-ipv4, last-ipv6, zero ]
default: zero
version_added: "2.8"
rule:
description:
- Add firewall rule
choices: ['allow', 'deny', 'limit', 'reject']
type: str
choices: [ allow, deny, limit, reject ]
log:
description:
- Log new connections matched to this rule
@ -91,27 +92,34 @@ options:
from_ip:
description:
- Source IP address.
aliases: [ from, src ]
type: str
default: any
aliases: [ from, src ]
from_port:
description:
- Source port.
type: str
to_ip:
description:
- Destination IP address.
aliases: [ dest, to]
type: str
default: any
aliases: [ dest, to]
to_port:
description:
- Destination port.
type: str
aliases: [ port ]
proto:
description:
- TCP/IP protocol.
type: str
choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ]
aliases: [ protocol ]
name:
description:
- Use profile located in C(/etc/ufw/applications.d).
type: str
aliases: [ app ]
delete:
description:
@ -120,6 +128,7 @@ options:
interface:
description:
- Specify interface for rule.
type: str
aliases: [ if ]
route:
description:
@ -128,10 +137,11 @@ options:
comment:
description:
- Add a comment to the rule. Requires UFW version >=0.35.
type: str
version_added: "2.4"
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Allow everything and enable UFW
ufw:
state: enabled

9
lib/ansible/modules/system/user.py
View file

@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['stableinterface'],
'supported_by': 'core'}
DOCUMENTATION = '''
DOCUMENTATION = r'''
module: user
version_added: "0.2"
short_description: Manage user accounts
@ -38,7 +38,6 @@ options:
- macOS only, optionally hide the user from the login window and system preferences.
- The default will be C(yes) if the I(system) option is used.
type: bool
required: false
version_added: "2.6"
non_unique:
description:
@ -163,8 +162,8 @@ options:
description:
- Optionally specify the SSH key filename.
- If this is a relative filename then it will be relative to the user's home directory.
- This parameter defaults to I(.ssh/id_rsa).
type: path
default: .ssh/id_rsa
version_added: "0.9"
ssh_key_comment:
description:
@ -259,7 +258,7 @@ author:
- Stephen Fromm (@sfromm)
'''
EXAMPLES = '''
EXAMPLES = r'''
- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
user:
name: johnd
@ -300,7 +299,7 @@ EXAMPLES = '''
expires: -1
'''
RETURN = '''
RETURN = r'''
append:
description: Whether or not to append the user to groups
returned: When state is 'present' and the user exists

7
lib/ansible/modules/system/vdo.py
View file

@ -1,15 +1,11 @@
#!/usr/bin/python
#
# Copyright (c) 2018 Red Hat, Inc.
#
# Copyright: (c) 2018, Red Hat, Inc.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {
'metadata_version': '1.1',
'status': ['preview'],
@ -214,6 +210,7 @@ options:
is only available when creating a new volume, and cannot
be changed for an existing volume.
type: str
choices: [ dense, sparse ]
ackthreads:
description:
- Specifies the number of threads to use for

25
test/sanity/validate-modules/ignore.txt
View file

@ -833,40 +833,15 @@ lib/ansible/modules/storage/zfs/zfs.py E322
lib/ansible/modules/storage/zfs/zfs.py E323
lib/ansible/modules/storage/zfs/zfs_facts.py E323
lib/ansible/modules/storage/zfs/zpool_facts.py E323
lib/ansible/modules/system/aix_inittab.py E324
lib/ansible/modules/system/aix_inittab.py E326
lib/ansible/modules/system/capabilities.py E322
lib/ansible/modules/system/cron.py E324
lib/ansible/modules/system/cronvar.py E324
lib/ansible/modules/system/crypttab.py E324
lib/ansible/modules/system/debconf.py E326
lib/ansible/modules/system/firewalld.py E324
lib/ansible/modules/system/iptables.py E326
lib/ansible/modules/system/java_cert.py E324
lib/ansible/modules/system/known_hosts.py E324
lib/ansible/modules/system/make.py E317
lib/ansible/modules/system/mount.py E324
lib/ansible/modules/system/open_iscsi.py E322
lib/ansible/modules/system/osx_defaults.py E322
lib/ansible/modules/system/osx_defaults.py E324
lib/ansible/modules/system/pamd.py E324
lib/ansible/modules/system/pamd.py E326
lib/ansible/modules/system/puppet.py E322
lib/ansible/modules/system/runit.py E322
lib/ansible/modules/system/runit.py E324
lib/ansible/modules/system/sefcontext.py E326
lib/ansible/modules/system/selinux.py E324
lib/ansible/modules/system/selinux_permissive.py E322
lib/ansible/modules/system/seport.py E324
lib/ansible/modules/system/service.py E210
lib/ansible/modules/system/service.py E323
lib/ansible/modules/system/solaris_zone.py E324
lib/ansible/modules/system/ufw.py E322
lib/ansible/modules/system/ufw.py E326
lib/ansible/modules/system/user.py E210
lib/ansible/modules/system/user.py E324
lib/ansible/modules/system/user.py E327
lib/ansible/modules/system/vdo.py E326
lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py E326
lib/ansible/modules/web_infrastructure/ansible_tower/tower_group.py E324
lib/ansible/modules/web_infrastructure/ansible_tower/tower_job_launch.py E323