Commit graph

6607 commits

Author SHA1 Message Date
James Cammarata
ed3e4aff84 Place retry file in the user's home dir instead of /var/lib/tmp
Addresses CVE-2013-4260: predictable filename used for failed results
in world writable directory.
2013-08-21 11:40:46 -05:00
James Cammarata
6bf5d19506 SSH connection plugin creates ControlPersist socket files in a secure directory
Files were being created in /tmp, but will now be created in $HOME/.ansible/cp/
Addresses CVE-2013-4259: ansible uses a socket with predictable filename in /tmp
2013-08-21 11:40:46 -05:00
Michael Scherer
ddd582269c increase test coverage of inventory by around 5% according to nose 2013-08-21 08:03:41 +02:00
Jesse Keating
36ca709849 Allow for relative paths by using abspath
relative pathing comes in handy on occasion, particularly when
delegating to localhost and running some command out of your playbook
repo. Making use of os.path.abspath will allow for the full path to
chdir and executable to be discovered if not provided.
2013-08-20 22:48:42 -07:00
James Cammarata
ae98a025bb Minor doc fixes for the pkgutil module 2013-08-20 21:08:56 -05:00
Alexander Winkler
59c7ef2afa Added module pkgutil 2013-08-20 21:08:56 -05:00
Stoned Elipot
f0743fc32a Introduce the 'always_run' task clause.
The 'always_run' task clause allows one to execute a task even in
check mode.

While here implement Runner.noop_on_check() to check if a runner
really should execute its task, with respect to check mode option
and 'always_run' clause.

Also add the optional 'jinja2' argument to check_conditional() :
it allows to give this function a jinja2 expression without exposing
the 'jinja2_compare' implementation mechanism.
2013-08-20 23:09:44 +02:00
Michael Scherer
2bdba17a85 make sure ssh do not ask password
For some reason, ssh seems to ask for password even when
PasswordAuthentication is set to no, adding PreferredAuthentications
with the 2 options removed do the trick.
2013-08-20 22:02:37 +02:00
Bruce Pennypacker
2e20387671 yet another rebase attempt 2013-08-20 15:15:58 -04:00
Bruce Pennypacker
0f458210bc Rebase attempt
No idea if I'm rebasing properly or not.  This is my first attempt.
2013-08-20 15:14:16 -04:00
Kavin Kankeshwar
7ac3bbc198 resolved #3609 Change max_fail_pct to max_fail_percentage as recommended 2013-08-20 13:55:34 -05:00
Kavin Kankeshwar
3f247fcbe3 fixes ansible/ansible#3609 Add max_fail_pct to playbook parameter, to complement serial option, So if total number of failures execeed max_fail_pct * total number of hosts, do not go to the next serial batch 2013-08-20 13:55:22 -05:00
James Cammarata
2dd3f01513 Merge pull request #3893 from jonw/devel
docsite typos
2013-08-20 11:45:30 -07:00
Stephen Fromm
77b8ee1f84 Update ansible-pull man page doc (issue #3372) 2013-08-20 13:43:26 -05:00
Stephen Fromm
cc3651592b Extend ansible-pull to support other source repositories
This extends ansible-pull so that it can support using other
source_control modules for checking out a playbook repository
(issue #3372).  This will check to see if the module exists before
it attempts to do the checkout and will exit if the module is not found.
It requires that the module used to check out the repository support the
parameters 'name' and 'version'.  The option -C, --checkout is now
optional and defaults to the module's default behavior for selecting a
branch, tag, or commit value.  For git, this continues to be HEAD.

Other changes include:
* Remove git from help and use generic term(s) where needed.
* Use SortedOptParser from ansible.utils
* More abstraction of common options used between ansible and
  ansible-playbook.
2013-08-20 13:43:26 -05:00
Stephen Fromm
cc58403e48 Apply consistent parameter alises to hg and subversion
For issue #3372, apply consistent parameter aliases to source_control
modules.  For hg, add name and version and add to documentation string.
For subversion, add version and document version and name aliases in
documentation string.
2013-08-20 13:43:26 -05:00
Jon W
d000f23344 typo
just darting a mistyped "ansible"
2013-08-20 12:11:51 -05:00
Jon W
c4ab7009b2 minor corr pip-install
perhaps there may be pip distribution using "pip-install" but "pip install" is universal afaik
2013-08-20 11:39:04 -05:00
smoothify
494043947d Add support for role defaults. These are variables on a per role basis with lowest precedence. 2013-08-20 10:11:39 +01:00
James Cammarata
49b0ff18a7 Missed some typos in macros for the xattr doc 2013-08-20 00:50:56 -05:00
James Cammarata
230077fda9 Fixing docs in xattr module 2013-08-20 00:47:07 -05:00
Petr Svoboda
e3adfbf5f8 Add tests for undefined variable detection
Tests `test_playbook_undefined_varsX_fail` check if ansible detects
undefined variables when `error_on_undefined_vars` is enabled. These
tests fail without "Improve behavior with error_on_undefined_vars
enabled" patch.

Tests `test_playbook_undefined_varsX_ignore` check if ansible ignores
undefined variables when `error_on_undefined_vars` is disabled.

Also modify PlayBook._run_task_internal() so error_on_undefined_vars is
testable.
2013-08-20 00:40:49 -05:00
Petr Svoboda
fff4f1da33 Improve behavior with error_on_undefined_vars enabled
Pass fail_on_undefined flag to recursive calls to `template` function,
so more undefined variables are detected.

Works only for Jinja style variables. Undefined legacy variables are
never detected.
2013-08-20 00:40:49 -05:00
Brian Harring
31061213fa Fix inconsistency in hostvars access.
Previously, hostvars would only expose a keys() list of hosts that had
been seen yet- however you could explicitly access the host if you knew
the name, and get the content that way.  This precludes template code
from being able to safely access information about other hosts if any
limiters/tags were in use.

Additionally, the object was inconsistent for hostvars['myhost'] access
and [x[1] for x in hostvars.items() if x[0] == 'myhost'] access; this is
due to the original derivation from the dict object.  .items() would be
handled by dict.items(), using the passed in setup_cache values without
using the actual lookup content.

This patch rebases the class implementation to a py2.6 dictmixin, fixing
those issues and restoring behaviour to match what the docs claim.
2013-08-19 23:57:08 -04:00
Brian Harring
902183ac0e Enforce alphanumeric ordering for plugins grabbed via glob.
If this isn't done, it's left to directory ordering which can result
in indeterminent behaviour.
2013-08-19 19:48:17 -04:00
James Cammarata
0747d41e76 Cleaning up some typos in the xattr module 2013-08-19 16:08:32 -05:00
James Cammarata
5e4f9657ca Merge branch 'xattr2' of https://github.com/bcoca/ansible into bcoca-xattr2 2013-08-19 15:42:51 -05:00
James Cammarata
39628d012d Minor fix to ipv6 detection for inventory with -i
For link-local addresses, it is sometimes necessary to append the
interface to use for the ipv6 address. This patch extends the ipv6
regex to allow for '%ifnameX' at the end.

See https://bugzilla.redhat.com/show_bug.cgi?id=136852 for more info
2013-08-19 15:27:21 -05:00
Michael Scherer
b655d5798b add tests for the -i option when used with raw string for ipv4
and ipv6 addresses.
2013-08-19 15:27:21 -05:00
Michael Scherer
3aac187387 fix ssh connection plugin to work with ipv6 address
Due to various inconsistencies of ssh and sftp regarding ipv6 and
ipv4 handling, some special arguments must be passed, and the
ipv6 must be passed in a specific format.
2013-08-19 15:27:20 -05:00
Michael Scherer
c9d28e10ad add support for using a ipv6 in -i
testing with a ipv6 :
  ansible -u misc -i  '[2002::c23e]:22,' '*' -m ping

fail due to parsing of ':' as a separator of port/ip with ipv4.
This commit add support for properly parsing 2002::c23 and the
bracket notation [2002::ce]:2222
2013-08-19 15:27:20 -05:00
Michael DeHaan
1509e995df Merge pull request #3874 from mscherer/relax_nova_compute_argument
image_id is not required to delete a vm from openstack
2013-08-19 12:16:04 -07:00
Michael DeHaan
8e23d509d3 Merge pull request #3885 from tidzo/devel
Fixed tiny bug with _meta handling in external inventory scripts
2013-08-19 12:08:48 -07:00
James Cammarata
a39aa57c5c Fixing small typo in redis module documentation 2013-08-19 14:04:58 -05:00
James Cammarata
17aa738872 Merge branch 'redis-config' of https://github.com/slok/ansible into slok-redis-config 2013-08-19 13:35:31 -05:00
Matt Saunders
9fd1b174f5 Fixed tiny bug with _meta handling in external inventory scripts 2013-08-19 18:54:30 +01:00
James Cammarata
77b98df63b Minor fix, vpc_id is not required for the ec2_group 2013-08-19 11:38:06 -05:00
Andrew de Quincey
58e85855e4 Add module to control EC2 security groups 2013-08-19 11:38:06 -05:00
Greg Buehler
500e6fa374 Added Zabbix inventory plugin 2013-08-19 16:40:40 +02:00
Michael DeHaan
00256af5bd Merge pull request #3878 from sjahl/apt_repository-perms-fix
setting 0644 permissions on mkstemp file handles. Fixes issue #3857
2013-08-18 13:17:14 -07:00
sjahl
4dd68c07a0 setting 0644 permissions on mkstemp file handles. Fixes issue #3857 2013-08-18 11:03:43 -04:00
Mark Harrison
a347bfa2bb Merge branch 'pacman_local' into pacman_local_plus_check
Conflicts:
	library/packaging/pacman
2013-08-17 17:56:33 -04:00
Mark Harrison
0419fb74bb Support check mode with pacman module 2013-08-17 17:44:41 -04:00
Mark Harrison
f52a1c8f46 Allow installation of local packages with pacman 2013-08-17 14:46:16 -04:00
Michael Scherer
472654447c Allow to use '*test*' in enablerepo for yum action
Yum commandline permit to use a wildcard to enable and disable
repositories in the --enablerepo switch, permitting to enable
a complete set of repository at once ( like all rpmfusion, all
update-testing, etc ).

However, this doesn't work in yum due to more stringent checks
that verify that a exact match is given for the name of the
repository , see commit 5c26805.

This commit enhance the check by permitting to test more than
1 repository at a time, thus permitting to use wildcards.
2013-08-17 18:43:53 +02:00
Michael Scherer
3f158a4688 image_id is not required to delete a vm from openstack
Since deletion do not check the type of image or anything,
and since that's tedious to keep track of the image_id and
just adding noise to add image_id for nothing, this commit
just relax the requirement.
2013-08-17 17:56:19 +02:00
James Cammarata
5847720746 Fixing a small bug with the new role dependency feature
The block that added the original list of roles was indented too far,
and was only being reached if a role had dependencies. This resulted
in roles without dependencies from being added to the list of roles.

Credit goes to looped for reporting and diagnosing the issue.
2013-08-17 00:06:24 -05:00
Michael DeHaan
5452f0062b Updated changelog 2013-08-16 22:14:15 -04:00
Michael DeHaan
15e2ccd2d9 Moving some role deps stuff around a small amount. 2013-08-16 22:05:26 -04:00
Michael DeHaan
42648e2f0a Merge branch 'role_dependencies' of git://github.com/jimi1283/ansible into jimi1283-role_dependencies 2013-08-16 21:42:57 -04:00