Commit graph

2374 commits

Author SHA1 Message Date
Rick Elrod
0d7ab375eb
[centos6] update container for EOL (#72795)
Change:
- Reference:
  https://lists.centos.org/pipermail/centos-devel/2020-December/056208.html
- Bump centos6 container to 1.25.0

Test Plan:
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-12-02 16:04:38 -06:00
Jordan Borean
7802ca2b06
Add RHEL 7.9 (#72558) - 2.10 (#72568)
* Add RHEL 7.9 - ci_complete (#72558)

(cherry picked from commit d451433e5d)

* Added changelog for RHEL 7.9 (#72572)

(cherry picked from commit bdd0c48837)
2020-12-01 12:51:15 -08:00
Sam Doran
6322630360 [stable-2.10] ansible-test - add cryptography constraint for cffi (#72761)
The recently released version of cffi fails to install on systems with an older version of gcc. In
our case, this in the CentOS 6 test image. There is a fix but it has not yet been released.

https://foss.heptapod.net/pypy/cffi/-/issues/480
(cherry picked from commit 1db9588279)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-12-01 09:49:17 -08:00
Sloane Hertel
8bdda8792d
Remove incorrect changelog (#72682)
* also remove offending code
2020-11-30 10:02:26 -06:00
Sam Doran
581337a6d5
[stable-2.10] Fix super annoying Python 2.6 multiprocessing.Queue stack trace in CI (#72604) (#72608)
* Fix super annoying Python 2.6 multiprocessing.Queue stack trace in CI

A bug exists in Python 2.6 that sometimes raises an exception during interpreter shutdown. We
encounter this frequently in our CI since we run tests on CentOS 6 as the control node, which
has Python 2.6.6 with this bug.

This PR adds a very minor sleep only on Python 2.6 which gets around this issue. I did lot of testing
using a standalon script I found that easily duplicated the issue to find the minimum sleep value
needed to avoid this issue.

CPython issue: https://bugs.python.org/issue4106
Fix in CPython: https://hg.python.org/cpython/rev/d316315a8781

* Use correct attribute
(cherry picked from commit bbef250c2b)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-11-20 13:10:11 -06:00
Matt Clay
cfa8075537 [stable-2.10] Add coverage exporting to ansible-test
A new `--export` option for `ansible-test coverage combine` allows multi-step aggregation of code coverage for CI pipelines.
(cherry picked from commit fa2be89cd4)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-11-09 23:29:39 -08:00
Matt Clay
8f767f7180 [stable-2.10] Fix container discovery for the acme test plugin.
(cherry picked from commit f022dedd0a)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-11-09 15:30:07 -08:00
Rick Elrod
5bd0df7621
[ansible-test] use newer container images (#72126) (#72550)
Change:
- Bump default, ansible-base, distro containers
- We do NOT add fedora33 yet, because it doesn't work right on Shippable
  due to an old kernel. This will be added post-AZP.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit e7bf0696ef)
2020-11-09 14:23:48 -06:00
Sam Doran
8c5910efe7
[stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500)
* [stable-2.10] [dnf] Some fixes around filtering (#72483)

Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
  the dnf command.

- dnf: security/bugfix only makes sense for updates, so limit the
  package query sack to available updates.

- tests: Limit tests to our known-good test packages, so that RHEL
  packages marked security/bugfix without similarly marked dependencies
  don't fail our tests.

Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
  error currently seen in CI, showing that we are consistent with what
  dnf does.

Tickets:
- Likely fixes #72316

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit d8c637da37)

Co-authored-by: Rick Elrod <rick@elrod.me>

* Add changelog (#72502)

(cherry picked from commit b33d7e2e29)

Co-authored-by: Rick Elrod <rick@elrod.me>
2020-11-06 08:56:18 -06:00
Rick Elrod
3e9afdae2e New release v2.10.3 2020-11-02 15:34:41 -06:00
Rick Elrod
10922d58f0 New release v2.10.3rc1 2020-10-26 14:32:55 -05:00
Matt Davis
69d5ce9b41
Remove ansible-galaxy login (#72288) (#72320)
* GitHub is removing the underlying API used to implement the `login` command. Since the general consensus seems to be that relatively nobody currently uses this command (in favor of explicit token passing), support was simply removed for interactive login. If a future need arises, this command should be reimplemented via OAuth Device Auth Grants.
* login or role login commands now produce a fatal error with a descriptive message
* updated 2.10 porting guide entry

* remove dead code/config, update messages and porting guides

(cherry picked from commit 83909bfa22)
2020-10-26 14:31:52 -05:00
Rick Elrod
4159c73db2
[ansible-test] Limit cryptography to <3.2 (#72342) (#72345)
Change:
- Cryptography 3.2 drops support for OpenSSL 1.0.2. Some of our CI
  infrastructure still uses this version (FreeBSD, namely). For now,
  just add a constraint to use old cryptography.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-10-26 13:44:16 -05:00
Felix Fontein
69744aa0a7
[2.10] Fix various sanity errors in plugins (#72168)
* Fix various sanity errors in plugins (#71736)

* Fix various sanity errors in plugins.

* Revert callback_type -> type transform.

* Undo paramiko_ssh 'connection' change, since this discrepancy is hardcoded in the plugin loader.

* Standardize on name and type (for callbacks).

* Fix existing author entries.

* Add 'Unknown (!UNKNOWN)' as author when author is missing.

* These are actually parsed as integers in the code.

* Revert "Add 'Unknown (!UNKNOWN)' as author when author is missing."

This reverts commit 29d1438aca.

(cherry picked from commit aff78f4cbc)

* Undo potentially disrupting normalizations.

* Add changelog fragment for #71736. (#72323)

(cherry picked from commit 0b2b82c0b6)
2020-10-24 06:03:18 -05:00
Sam Doran
8471814f86
[stable-2.10] Fix the reversed order of return values (#72088) (#72300)
AnsibleModule.run_command returns a tuple of return code, stdout and stderr.
The module main function of the user module expects user.create_user to
return a tuple of return code, stdout and stderr.
Fix the locations where stdout and stderr got reversed.

Co-authored-by: Ruediger Pluem <53253255+rpluem-vf@users.noreply.github.com>
2020-10-23 15:58:23 -05:00
Brian Coca
4293718b2a
make collection callbacks follow normal flow (#59932) (#72227)
* fixes missing set_options call and adhoc and stdout processing rules
* avoid dupes
* fixed to handle redirects
* also updated tests with new and more accurate skip message
* fix callback tests for envs with cowsay installed
* lots MOAR comments on why the code is as it is, some todos to refactor in future
2020-10-23 15:54:38 -05:00
Matt Martz
132346cb6a
[stable-2.10] Ensure we call action_loader.get with collection_list (#72206) (#72252)
(cherry picked from commit be5fc4e)
2020-10-23 15:29:16 -05:00
Jordan Borean
ae1ee31b99
Fix race condition when creating async dir (#72069) (#72259)
* Fix race condition when creating async dir

* Simplify exception wrapper

* Remove var used for testing

(cherry picked from commit c9fa1d0e7e)
2020-10-23 15:28:05 -05:00
Rick Elrod
83c34eb7de
[dnf] accumulate update filters (#71726) (#72181)
Change:
- Previously when `security: true` and `bugfix: true` were both given,
  only security updates would get applied. Filters now accumulate so
  that both get applied in this case.

Test Plan:
- New integration tests for both check_mode and not. These tests make
  use of a contrived yum repository which is stored in S3.

Tickets:
- Fixes #70854

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Martz <matt@sivel.net>

Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit fdf80690e4)
2020-10-23 14:15:47 -05:00
Matt Clay
3bd6daa4a4 [stable-2.10] Fix ansible-test handling of user-defined docker networks. (#72256)
* Fix ansible-test docker container detection.

* Attach test containers to the correct network.

* Do not assume `localhost` for accesing Docker.

* Look for containers on current network.

* Always map /var/run/docker.sock into containers.

This fixes issues when using a remote Docker host.

* Support container IP lookup from networks list.

* Fix container network attachment.

* Remove redundant container detection messages.

* Limit DOCKER_HOST parsing to TCP.

* Restore docker socket existence check.

The check is skipped if the docker hostname is not localhost.

* Correct changelog entry..
(cherry picked from commit 3c2e8b99be)

Co-authored-by: Matt Clay <mclay@redhat.com>
2020-10-22 21:40:23 -07:00
Abhijeet Kasurde
98cc9cb834
[2.10] AnsibleVaultEncryptedUnicode should be considered a string (#72216)
* AnsibleVaultEncryptedUnicode should be considered a string
* linting fix
* clog frag

(cherry picked from commit 48f12c14e9)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-10-21 18:08:18 -05:00
Ruediger Pluem
7499848cb1
user - allow local users with an expiry date to be created (#72022) (#72085)
The luseradd / lusermod commands do not support the -e option. Set
the expiry time in this case via lchage after the user was
created / modified.

Fixes: #71942

In Python3 math.floor returns an integer whereas Python2 returns a float.
Hence always convert the result of math.floor to an int to ensure that
lexpires is an integer.

Move local expires tests in a separate file and import the tasks to the
main.yml to keep main.yml smaller.

(cherry picked from commit a7170da851)
2020-10-21 17:04:35 -05:00
Matt Clay
6c8d6a3182 [stable-2.10] Fix ansible-test Azure Pipelines container auth.
(cherry picked from commit 2ef4b7e07e)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-10-21 14:15:39 -07:00
Felix Fontein
961ead55c6
Add deprecation collection name to plugin options (#71735) (#72081)
* Add changelog fragment.

* Use correct field that's expected by lib/ansible/cli/__init__.py..

* Add basic unit tests.

(cherry picked from commit 1107aace1b)
2020-10-21 15:58:51 -05:00
Christian Loos
505df0d564
fix distribution fact for SLES4SAP (#71559) (#72026)
b6b238a fixed the SLES4SAP detection, which was at this time ok.
Sadly Suse changed with SLES 15 the /etc/os-release file, so the above
change will no longer work.

This commit updates the SLES4SAP detection regarding
https://www.suse.com/support/kb/doc/?id=000019341.

The symlink realpath is matched with endswith, because in SLES 12+ the
link target is SLES_SAP.prod, but in SLES 11 the link target is
SUSE_SLES_SAP.prod.

(cherry picked from commit ea119d3089)
2020-10-21 15:35:36 -05:00
Martin Krizek
d53d247c84
Only apply the unroll wrapper once (#72003) (#72017)
Co-authored-by: Matt Martz <matt@sivel.net>

Fixes #71920

(cherry picked from commit 4197666179)
2020-10-21 15:32:45 -05:00
Jordan Borean
cd89aadec1
powershell - remove env var (#72010) (#72012)
(cherry picked from commit 3c33618cf6)
2020-10-21 15:27:57 -05:00
Rick Elrod
e6a4585807
[dnf] show installations/removals in check_mode (#70892) (#72180)
Change:
- Previously, we only showed that something would have changed, not what
  would have changed. This allows us to show what will chang as well.

Test Plan:
- Local RHEL8 VM
- New integration tests

Tickets:
- Fixes #66132

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 7d32129efb)
2020-10-21 14:42:26 -05:00
Matt Clay
49504da1ed
[stable-2.10] Support collection constraints in ansible-test. (#72157)
This allows collections to specify requirements and constraints for packages that ansible-test has requirements or constraints for.
(cherry picked from commit 5f76bd2af7)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-10-08 16:17:28 -05:00
Rick Elrod
656c228abe New release v2.10.2 2020-10-05 15:50:46 -05:00
Rick Elrod
68f0fcfbd5 New release v2.10.2rc1 2020-09-28 11:54:17 -05:00
Felix Fontein
8e00447aef
ansible-doc: show correct plugin name (#71966) (#71984)
(cherry picked from commit 0c3a9c7ae6)
2020-09-28 11:36:00 -05:00
Martin Krizek
4df129c6ae
Provide more information in AnsibleUndefinedVariable (#71666) (#71876)
* Provide more information in AnsibleUndefinedVariable

Fixes #55152

(cherry picked from commit 00b22ab55e)
2020-09-28 00:34:38 -05:00
Matt Clay
c4e3552c8d
[stable-2.10] CI provider fixes for ansible-test. (#71929) (#71932)
* Make Azure Pipelines resource_prefix lowercase.

* Make classification of CI files consistent.

* Update package-data sanity test for AZP.
(cherry picked from commit 92b66e3e31)

Co-authored-by: Matt Clay <mclay@redhat.com>
2020-09-28 00:34:12 -05:00
Sloane Hertel
198cffcb52
Fix passing the connection timeout to connection plugins (#71722) (#71785)
(cherry picked from commit 7048542199)
2020-09-28 00:32:04 -05:00
Jordan Borean
2327ef9da8
runas - create new SYSTEM token on become (#71714) (#71751)
(cherry picked from commit fc08c1f3c5)
2020-09-28 00:29:45 -05:00
Matt Davis
07a9de1247
fix coverage output from synthetic packages (#71727) (#71748)
* fix coverage output from synthetic packages

* synthetic packages (eg, implicit collection packages without `__init__.py`) were always created at runtime with empty string source, which was compiled to a code object and exec'd during the package load. When run with code coverage, it created a bogus coverage entry (since the `__synthetic__`-suffixed `__file__` entry didn't exist on disk).
* modified collection loader `get_code` to preserve the distinction between `None` (eg synthetic package) and empty string (eg empty `__init__.py`) values from `get_source`, and to return `None` when the source is `None`. This allows the package loader to skip `exec`ing things that truly have no source file on disk, thus not creating bogus coverage entries, while preserving behavior and coverage reporting for empty package inits that actually exist.

* add unit test

(cherry picked from commit e813b0151c)
2020-09-28 00:29:24 -05:00
Jordan Borean
68278f36fd
psrp - fix hang when copying an empty file (#71649) (#71651)
(cherry picked from commit b615789fcc)
2020-09-28 00:28:01 -05:00
Alicia Cozine
12874bbdea
[2.10] updates intersphinx references for docs links (#71921) (#71945)
* updates intersphinx references for docs links (#71921)

* DOCS: updates intersphinx references for docs links
* TESTS: Raise the number of bytes scanned to determine if a file is binary. The newest ansible-2.10.inv file has its first null byte at position 2261. 4096 is still a cheap chunksize to read so it still makes sense to raise this.

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit 27826827e9)

* adds changelog for already-merged PR (#71947)
* adds changelogs/fragments/71921-raise-bytes-for-binary-test.yml

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 91b0dfb659)
2020-09-25 13:53:44 -05:00
Rick Elrod
72a8b55920 New release v2.10.1 2020-09-14 13:04:22 -05:00
Rick Elrod
387a7199fc New release v2.10.1rc3 2020-09-07 13:52:06 -05:00
Matt Clay
ec8878ced4 [stable-2.10] Use new endpoint for Parallels based instances.
(cherry picked from commit 98febab975)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-09-02 15:08:32 -07:00
Rick Elrod
333f7bc088
[tests] Bump container versions (#71518) (#71598)
Change:
- This pulls in python 3.9.0rc1

Test Plan:
- CI, hopefully

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit db519bc17c)
2020-09-02 14:44:23 -05:00
Matt Clay
4273443686 [stable-2.10] Support macOS 10.15 for ansible-test --remote.
Use of this new version is experimental, so it is not enabled in CI yet.
(cherry picked from commit 2bbcbe99fd)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-09-01 19:07:10 -07:00
Matt Clay
356ea0b8d0
[stable-2.10] Fix ansible-test coverage traceback. (#71446) (#71578)
* [stable-2.10] Fix ansible-test coverage traceback. (#71446)

* Add integration test for ansible-test coverage.

* Fix ansible-test coverage traceback.

* Fix coverage reporting on Python 2.6.
(cherry picked from commit f5b6df14ab)

Co-authored-by: Matt Clay <mclay@redhat.com>

* Add empty ignore.txt file for tests.
2020-09-01 17:05:19 -07:00
Matt Clay
d699d38dd5 [stable-2.10] Update ansible-test remote endpoint handling. (#71413)
* Request ansible-core-ci resources by provider.
* Remove obsolete us-east-2 CI endpoint.
* Add new --remote-endpoint option.
* Add warning for --remote-aws-region option.
* Update service endpoints.
* Allow non-standard remote stages.
* Add changelog fragment.
(cherry picked from commit d099591964)

Co-authored-by: Matt Clay <mclay@redhat.com>
2020-09-01 14:54:17 -07:00
Rick Elrod
0e68601002 New release v2.10.1rc2 2020-09-01 01:01:32 -05:00
Rick Elrod
9a48ffd61b
Attempt at reverting CVE-2020-1736 changes [2.10] (#71514)
* Revert atomic_move changes
* add note about mode reverts in porting guide

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-09-01 01:00:26 -05:00
Rick Elrod
314834c6d3 New release v2.10.1rc1 2020-08-31 19:42:18 -05:00
Rick Elrod
dc97027453
[dnf] ensure packages are gpg-verified (#71539)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-08-31 10:05:30 -05:00