Commit graph

599 commits

Author SHA1 Message Date
Zim Kalinowski
2f3960558d
Fix for PostgresSQL server update and storage_mb (#51653) 2019-02-15 17:46:52 +08:00
Zim Kalinowski
1f5cda37b3
Fix for MySQL server update and storage_mb (#51661) 2019-02-15 17:33:21 +08:00
Zim Kalinowski
0c8c72a0bf
Fixing managed disk facts (#51781) 2019-02-15 17:07:30 +08:00
Adam Miller
ea0e2bf2b3 yum always return changes dict, not only in check mode (#51987)
Previously the yum module would provide a `changes` dict when
executed in check mode but omit it when not in check mode in favor
of the `results` data which is raw output from the yum command. This
pull request makes that output uniform.

Fixes #51724

Signed-off-by: Adam Miller <admiller@redhat.com>
2019-02-13 17:46:32 -05:00
Simon Westphahl
02e87b7d70 Raise AnsibleConnectionError on winrm connnection errors (#51744)
* Raise AnsibleConnectionError on winrm con errors

Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".

Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.

This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.

* Update lib/ansible/plugins/connection/winrm.py

Co-Authored-By: westphahl <westphahl@gmail.com>

* Add changelog fragment
2019-02-13 14:55:55 -05:00
Kevin
c512471428 Add two more failure conditions to unarchive (#51914) 2019-02-13 13:40:26 -05:00
Matt Martz
b34d141eed
Disallow use of remote home directories containing .. in their path (CVE-2019-3828) (#52133)
* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
2019-02-13 10:38:28 -06:00
Juan Antonio Osorio
9f081ca04f identity: Add GSSAPI suport for FreeIPA authentication (#52031)
* identity: Add GSSAPI suport for FreeIPA authentication

This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.

If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.

Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.

* identity: Add documentation for GSSAPI authentication for FreeIPA

This documentation describes how to use GSSAPI authentication with the
IPA identity modules.

* identity: Add changelog for GSSAPI support for IPA

This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
2019-02-13 15:38:13 +00:00
Alan Rominger
af9ff07c74 Send openstack inventory logs to stderr (#51827) 2019-02-13 13:36:37 +00:00
Will Thames
46fbcf08bc
aws_kms enhancements (#31960)
* Allow creation and deletion of keys (deletion just schedules for
  deletion, recreating an old key is just cancelling its deletion)
* Allow grants to be set, thus enabling encryption contexts to be
  used with keys
* Allow tags to be added and modified
* Add testing for KMS module
* Tidy up aws_kms module to latest standards
2019-02-13 13:06:58 +10:00
Andrew Gaffney
9c35f18dd6 Custom jinja Undefined class for handling nested undefined attributes (#51768)
This commit creates a custom Jinja2 Undefined class that returns
Undefined for any further accesses, rather than raising an exception
2019-02-12 15:04:00 -05:00
hansmi
76ab88c9f5 callbacks/slack: Explicitly set Content-Type header (#51824)
There are other chat systems with hook implementations more or less
compatible with Slack, such as Rocket.Chat. The latter requires the
Content-Type header to be set to "application/json" (the body is JSON).

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
2019-02-12 12:47:33 -05:00
Abhijeet Kasurde
5c992fcc3f
ansible-vault: handle utf-8 filename in vault (#50341)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-02-12 16:13:51 +05:30
Hannes Ljungberg
70d8f02db7 docker_swarm_service: Extend env and add env_files support (#51762)
* Extend env and add env_files support

* Python 2.6 compat

* Handle lists passed as string

* Add changelog fragment

* Use correct link formatting

Co-Authored-By: hannseman <hannes@5monkeys.se>

* Fix typo

Co-Authored-By: hannseman <hannes@5monkeys.se>

* Handle empty env and env_files values
2019-02-12 08:06:58 +00:00
Felix Fontein
09f78d2f6c ufw: allow to insert rules relative to first/last IPv4/IPv6 rules (#49796)
* Insert should have type int.

* Add insert_relative_to option.

* Add changelog.

* Add tests.

* Improve comment.
2019-02-12 08:05:14 +00:00
Jordan Borean
179cbb9891
win_dsc - return warning from DSC invocation (#51927) 2019-02-12 13:50:00 +10:00
Matt Martz
445ff39f94
Become plugins (#50991)
* [WIP] become plugins

Move from hardcoded method to plugins for ease of use, expansion and overrides
  - load into connection as it is going to be the main consumer
  - play_context will also use to keep backwards compat API
  - ensure shell is used to construct commands when needed
  - migrate settings remove from base config in favor of plugin specific configs
  - cleanup ansible-doc
  - add become plugin docs
  - remove deprecated sudo/su code and keywords
  - adjust become options for cli
  - set plugin options from context
  - ensure config defs are avaialbe before instance
  - refactored getting the shell plugin, fixed tests
     - changed into regex as they were string matching, which does not work with random string generation
     - explicitly set flags for play context tests
 - moved plugin loading up front
 - now loads for basedir also
 - allow pyc/o for non m modules
 - fixes to tests and some plugins
 - migrate to play objects fro play_context
 - simiplify gathering
 -  added utf8 headers
 - moved option setting
 - add fail msg to dzdo
 - use tuple for multiple options on fail/missing
 - fix relative plugin paths
 - shift from play context to play
 - all tasks already inherit this from play directly
 - remove obsolete 'set play'
 - correct environment handling
 - add wrap_exe option to pfexec
 - fix runas to noop
 - fixed setting play context
 - added password configs
 - removed required false
 - remove from doc building till they are ready

future development:
  - deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems

* cleanup

  remove callers to removed func
  removed --sudo cli doc refs
  remove runas become_exe
  ensure keyerorr on plugin
  also fix backwards compat, missing method is attributeerror, not ansible error
  get remote_user consistently
  ignore missing system_tmpdirs on plugin load
  correct config precedence
  add deprecation
  fix networking imports
  backwards compat for plugins using BECOME_METHODS

* Port become_plugins to context.CLIARGS

This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
  instead

* Refactor make_become_commands as asked for by alikins

* Typo in comment fix

* Stop loading values from the cli in more than one place

Both play and play_context were saving default values from the cli
arguments directly.  This changes things so that the default values are
loaded into the play and then play_context takes them from there.

* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH

As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH.  If we're going to rename these, that
should be done all at one time rather than piecemeal.

* One to throw away

This is a set of hacks to get setting FieldAttribute defaults to command
line args to work.  It's not fully done yet.

After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.

What we want to be able to do ideally is something like this:

class Base(FieldAttributeBase):
    _check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])

class Play(Base):
    # lambda so that we have a chance to parse the command line args
    # before we get here.  In the future we might be able to restructure
    # this so that the cli parsing code runs before these classes are
    # defined.

class Task(Base):
    pass

And still have a playbook like this function:

---
- hosts:
  tasks:
  - command: whoami
    check_mode: True

(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).

There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now.  The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)

* Revert "One to throw away"

This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.

* Set FieldAttr defaults directly from CLIARGS

* Remove dead code

* Move timeout directly to PlayContext, it's never needed on Play

* just for backwards compat, add a static version of BECOME_METHODS to constants

* Make the become attr on the connection public, since it's used outside of the connection

* Logic fix

* Nuke connection testing if it supports specific become methods

* Remove unused vars

* Address rebase issues

* Fix path encoding issue

* Remove unused import

* Various cleanups

* Restore network_cli check in _low_level_execute_command

* type improvements for cliargs_deferred_get and swap shallowcopy to default to False

* minor cleanups

* Allow the su plugin to work, since it doesn't define a prompt the same way

* Fix up ksu become plugin

* Only set prompt if build_become_command was called

* Add helper to assist connection plugins in knowing they need to wait for a prompt

* Fix tests and code expectations

* Doc updates

* Various additional minor cleanups

* Make doas functional

* Don't change connection signature, load become plugin from TaskExecutor

* Remove unused imports

* Add comment about setting the become plugin on the playcontext

* Fix up tests for recent changes

* Support 'Password:' natively for the doas plugin

* Make default prompts raw

* wording cleanups. ci_complete

* Remove unrelated changes

* Address spelling mistake

* Restore removed test, and udpate to use new functionality

* Add changelog fragment

* Don't hard fail in set_attributes_from_cli on missing CLI keys

* Remove unrelated change to loader

* Remove internal deprecated FieldAttributes now

* Emit deprecation warnings now
2019-02-11 11:27:44 -06:00
James Cassell
953058d025 standardize connection variable names (#51776)
* standardize user/password connection vars

* docs: use ansible_user and ansible_password

* docs: var precedence for connection vars

* docs: ansible_become_pass -> ansible_become_password etc
2019-02-11 10:43:10 -05:00
Matt Martz
3c85ac1788
Promote include_tasks/role and import_tasks/role to stableinterface (#51975) 2019-02-11 09:06:38 -06:00
Felix Fontein
4d3d8dd60f ufw: check values for direction depending on situation (#50402)
* Check values of 'direction'.

* Add changelog.

* Update lib/ansible/modules/system/ufw.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/system/ufw.py
2019-02-11 14:47:35 +00:00
Felix Fontein
a279892fae ufw: allow gre and igmp protocols (#51166)
* ufw: allow gre and igmp protocols.

* Add changelog.
2019-02-11 14:46:38 +00:00
Jérôme BAROTIN
b99de25f32 Enable changed var with ufw check mode (#49948)
* Enable 'changed' var with ufw check mode

* Fix from comment of the PR + Unit Test

* Fix on ufw module after the second review

- delete rules change works in check mode
- simplify execute def & use it on every call process
- improved regexp
- rename vars defaults to current_default_values

* Add ignore error to execute() and use it in get_current_rules()

* Update after third code review (introduce change in changed status)

* Adjust tests and fix some problems (#1)

* 'active' also appears in 'inactive'.

* 'reject' is also a valid option here.

* For example for reloaded, changed will be set back to False here.

* Improve and adjust tests.

* Fix after merging integration test

* handle "disabled" on default routed

* Add /var/lib/ufw/.. rules files

* add unit test

* Fix pep8 formatting error

* Separate ipv6 and ipv4 rules process from checkmode

* fix non-ascii error on ci

* Some change after review

* Add unit test with sub network mask

* rename is_match function by is_starting

* add changelog fragment
2019-02-11 11:05:35 +00:00
Felix Fontein
9b1cbcf3a4 openssl_csr: ignore empty strings in altnames (#51473)
* Ignore empty strings in altnames.

* Add changelog.

* Add idempotence check without SAN.

* Fix bug in cryptography backend.
2019-02-11 10:30:56 +00:00
Adam Miller
2721ed260e Properly handle unauthenticated yum proxy config (#51915)
Fixes #51548

Signed-off-by: Adam Miller <admiller@redhat.com>
2019-02-09 01:17:22 -05:00
Jeremiah Mahler
ffbc9d99de fix Amazon system-release version parsing (#51521)
Previously it was assumed that the Amazon system-release
number was the final value of the string.  This isn't always
the case.  Some releases have the name at the end.

  Amazon Linux release 2
  Amazon Linux release 2 (Karoo)

Fix by instead looking for a number in the string.

Fixes #48823
2019-02-07 17:58:34 -05:00
Adam Miller
9bb05b72b2 correctly detect pkg_mgr on fedora/rhel/centos rpm-ostree installed (#49256)
Check the path /run/ostree-booted which I'm told by upstream that it
will always be present when a host system is Fedora/RHEL/CentOS
Atomic/CoreOS vs "traditional" distro instance to detect the
non-traditional instance and ensure pkg_mgr selection is correct

Signed-off-by: Adam Miller <admiller@redhat.com>
2019-02-07 15:16:38 -05:00
Mike Sgarbossa
c459f040da use list instead of tuple and remove md5 on ValueError (#51357)
* use list instead of tuple and remove md5 on ValueError

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* convert algorithms to list and add comment

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* only convert to list if algorithms is not None

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* new fragment for PR 51357

Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>

* fix lint: remove blank line
2019-02-07 11:23:11 -05:00
Viktor Utkin
d40f0313e2 spot instance request stay opened when module exit with timeout (#51535)
Fixes: #51534

* set valid_until equal to current time + spot_wait_timeout
* add setting ValidUntil to  value
* add changelog fragment
* fix shebang issue
2019-02-07 21:38:19 +05:30
plumbeo
4d93c440b9 mysql_user: Match both single quotes and backticks when checking curr… (#40092)
* mysql_user: Match quotes, double quotes and backticks when checking current privileges

* Add changelog fragment for PR #40092
2019-02-06 14:20:43 +00:00
Felix Fontein
c9b08db979 acme_challenge_cert_helper: fix bad module.fail_json() call (#51795)
* Fix bad module.fail_json() call.

* Add changelog.
2019-02-06 15:45:35 +10:00
Jordan Borean
146a89b612
psrp - do not display bootstrap wrapper for eachach task (#51779) 2019-02-06 12:05:15 +10:00
Martin Krizek
33b07f322c
yum: disableexcludes is supported on centos6 (#51698)
* yum: disableexcludes is supported on centos6

* Add changelog
2019-02-05 18:18:56 +01:00
Hannes Ljungberg
4a5d38b55a docker_swarm_service: Enable tests (#51170)
* Enable tests

* Comment fixes

* Try lowering timeouts

* Comment fix

* Comment fix

* Comment fix

* Add a pause to let service update

* Fix comment

* Disable dns_search tests

* Disable dns_servers test

* Fix comment

* Fix comment

* Fix comment

* Fix comment

* Fix comment

* Fix comment

* Fix comment

* Revert "Disable dns_servers test"

This reverts commit 763e9da716b78f4986f313b3ba1ab98faacb742e.

* Revert "Disable dns_search tests"

This reverts commit 2859e4e3a5ebdca078de84d821bb53bbdf967dfd.

* Revert "Add a pause to let service update"

This reverts commit e990dfae1a62e9a42b07960819818bc75fd04427.

* Revert "Try lowering timeouts"

This reverts commit 1617772de81ecef0e560b38c7564646ec3874c3c.

* Ensure that services are running while testing

* Retry tasks on update out of sequence error

* Remove unnecessary check for APIError.explanation

Co-Authored-By: hannseman <hannes@5monkeys.se>

* Ignore errors when tearing down test suite

* Retry with a loop instead of tail recursion

* Initialize self.diff_trace in run

* Add change log fragment

* Actually raise error

* Add unit test for retrying

* Lint

* Change to bugfix

* Remove whitespace

* Mock docker dependency

* Use download.fedoraproject.org

* Revert "Use download.fedoraproject.org"

This reverts commit 5931791f7c.
2019-02-05 08:25:29 +00:00
Pilou
7a3582d651 uri: check unexpected failure doesn't occur when file cannot be saved (#45824)
* uri: fix TypeError when file can't be saved

Fix the following exception (and others):

    Traceback (most recent call last):
      File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
        main()
      File "/home/lilou/debug_dir/__main__.py", line 554, in main
        write_file(module, url, dest, content, resp)
      File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
        module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
    TypeError: fail_json() got multiple values for keyword argument 'msg'

I would rather remove **resp from returned values but this module is
flagged as stableinterface.

* Static imports are more straight forward and preferred unless dynamic inclusion is required.
2019-02-04 10:29:05 -05:00
Felix Fontein
89a1c68f98 docker_volume: improve force option (deprecate, add new option) (#51145)
* docker_volume: Deprecating force option, adding recreate option.

* Add changelog.

* Remove mis-placed force: yes for docker_volume.
2019-02-03 15:09:24 -05:00
Abhijeet Kasurde
18ed84b877 hashi_vault: add support for userpass authentication (#51538)
Added support for username and password authentication in hashi_vault
lookup plugin.

Fixes: #38878

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-02-02 12:32:53 +01:00
Andrea Tartaglia
b8790abcbe Added description to single net interface (#51602)
* Added description to single net interface

* ec2_instance single iface description changelog
2019-02-01 13:19:33 +00:00
chronidev
240d1a6afb Add coherency between check and normal mode for copy plugin action see issue #24633 (#51582)
* Add coherency between check and normal mode see issue #24633

* Add changelog fragment for the PR

* Make change following PR comment

* Remove trailing whitespace
2019-02-01 13:47:23 +10:00
Simon Dodsley
c65909d6db Add network fact to obtain FC WWN initiator ports (#37043) 2019-01-31 21:59:38 +00:00
Jordan Borean
f27078df52
win_power_plan: fix for Windows 10 and Server 2008 compatibility (#51471) 2019-02-01 06:32:12 +10:00
Simon Dodsley
8707f1793e Add default fact for NVMe support (#50164) 2019-01-31 16:05:45 +00:00
Jordan Borean
6a2aac487d
win_stat - add follow option and fix broken tests (#51522)
* win_stat - add follow option and fix broken tests

* fix docs issues
2019-01-31 15:56:06 +10:00
Fabian von Feilitzsch
0be66113d4 [k8s] Always check envvars when auth parameter is not provided (#51495)
* Always check envvars when auth parameter is not provided

This will make it so that all code using the get_api_client
method will make use of the environment variables, instead of
silently ignoring them if default values haven't been set. This
affects at least the k8s lookup plugin.

* Add changelog
2019-01-30 16:52:12 -05:00
Brian Coca
abb964a5a0
move extravars and option vars loading into VM (#51070)
* move extravars and option vars loading into VM

  also safedir setting, all these are intrinsic to VM
  avoid uneeded and inefectual shallow copy
  remove setters/getters as VM now does most of the work in init
  updated and added tests

* feedback + fixes

* keep extra_vars property for vars_prompt

* pass values not objects
2019-01-30 16:25:36 -05:00
Brian Coca
4ac0c23db6
added unsafe toggle to vars_prompt (#49219)
* added unsafe toggle to vars_prompt

	fixes #47534
2019-01-30 15:01:13 -05:00
Brian Coca
4a0fceaa3b remove bare var handling in conditionals (#51030)
* remove bare var handling in conditionals

  this makes top level and multilevel vars (dicts keys) behave the same
  it will require adding |bool for 'string comparissons' in indirect templates

  - added new tests to ensure uniform handling
  - switched to 'is' testing for status
  - changed warning to 'conditional' as 'when:' is not only place it gets triggered

* updated to include toggle and deprecation

* fix deprecated

* updated tests to handle toggle

* fixed typo and added note about the future
2019-01-30 15:00:24 -05:00
Brian Coca
50b40c47df aws_ec2 Implement the missing 'region discovery' (#51333)
* aws_ec2 Implement the missing 'region discovery'

  fixes #45288

  tries to use api as documented (which seems to fail in latest boto3 versions)
  and fallback to boto3 'hardcoded' list of regions

* fixes and cleanup, add error for worst case scenario

* fix tests, remove more unused code

* add load_name

* acually load the plugin

* set plugin as required

* reverted test changes, removed options tests

* fixes as per feedback and cleanup
2019-01-29 14:59:38 -06:00
Brian Coca
3ba3af5058
toggle for stripping empty shell/command output (#51342)
* toggle for stripping empty shell/command output

  fixes #45367

* Update lib/ansible/modules/commands/command.py

Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
2019-01-29 15:55:38 -05:00
Will Thames
23b5599244 Add k8s module_defaults group and document (#51093)
It makes sense to use module_defaults with k8s modules, and thus
have a k8s module_defaults group.
2019-01-29 14:23:27 -06:00
Adam Miller
61ed229732 dnf load substitutions from installroot (#51206)
Fixes #51059

Signed-off-by: Adam Miller <admiller@redhat.com>
2019-01-29 15:10:53 -05:00