A cloud/domain admin should be able to create a subnet on any
project it is granted on.
This change adds the 'project' parameter that accepts either
a name (admin-only) or id.
A cloud/domain admin should be able to create a network on any project
it is granted to.
This changes adds the possibility to pass either a project ID or
project name.
'server_insecure' maps to the subscription-manager config
(/etc/rhsm/rhsm.conf) value for 'insecure' key in the
'server' stanza. The 'insecure' configures if the https connection
to 'server_hostname' is verified as having been issued by
a CA in 'ca_cert_dir' trust store.
Previous documentation indicating it disables https and
enables http was inaccurate. Connection to server_hostname
always uses https.
* based on cpython os.path.ismount
* includes patch from http://bugs.python.org/issue2466
* fixes#2186
* when the upstream bug is fixed this should be removed/rewritten
* use ismount from module_utils
login_password should not be logged, so mark it as 'no_log'
the others arguments are path to file, and so should be type='path',
which permit to remove the line handling '~' and shell variables.
Fixed type checking to be more idiomatic powershell, also fixes a slew of StrictMode issues and gets error handling back to originally-intended behavior.
A change was merged to the main Ansible core code that can cause
a potential hang if any libraries are called that use threading.
This change was:
4b0aa1214c
This affected the os_object module by causing a hang on the shade
create_object() API call (which in turn calls swiftclient which
uses threading). The fix is to make sure all modules have a main()
that is wrapped with an "if __name__ == '__main__'" check.
In case role policy was deleted, we did not handle at all if there
was authorization issue to do the deletion. Also add message when
role is not found and the policy is skipped.
The default_project is checked at the beginning of the module.
This raises an exception if the project passed does not exist.
This logic only makes sense on resource creation, if a user
puts state=absent the module fails, even though the default
project is not relevant
If a server already exists when os_server is run, but a floating
IP was not assigned to the server when one was requested, the
module will attempt to add an IP to the existing server. But it
would not pass the wait/timeout params to the floating IP APIs.
If wait was True, you could get back a server dict that did not
show the floating IP because it did not wait.
route53 creates Record objects using `health check` and `failover`
parameters. Those parameters only became available in boto 2.28.0.
As some prominent LTS Linux releases (e.g.: Ubuntu 14.04) only ship
older boto versions (e.g.: 2.20.1 for Ubuntu 14.04), users are getting
unhelpful error messages like
TypeError: __init__() got an unexpected keyword argument 'health_check'
when running Ansible 2 against their LTS install's default boto.
We improve upon this error message by checking the boto version
beforehand.
Fixesansible/ansible#13646
Apologies, but I no longer use this module day-to-day myself, and I don't have the bandwidth right now to effectively triage changes in any kind of timely fashion.
Hello!
I wanted stop the containers matched only by image name, but can't do this, if I not set cmd in playbook.
This behavior confused me.
If cmd or entrypoint is defined for running container, but not defined in playbook, makes matching behavior as this sample:
https://github.com/ansible/ansible-modules-core/blob/devel/cloud/docker/docker.py#L463
This is useful for packages that bootstrap their own apt-key setup - only
the initial installation will require overriding. Notable examples are the
Dropbox and Google Chrome packages.
(Setting force=yes is far too strong: I only want to bypass
authentication!)
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Commit f71542c set the incorrect type for these two parameters to
dict when they are actually list of dicts.
Also, the extra_dhcp_opts was incorrectly named (without the terminal
's') and NEVER worked, so this was corrected.
Fixes#3301
This update adds exception handling to catch errors when trying to parse
command output to json. It also removes the dependency on importing json
opting to use the AnsibleModule methods instead
This commit adds a new module, ops_command, that handles executing commands
on OpenSwitch over the CLI. Since this module is designed to work with the
OpenSwitch CLI, it only supports the CLI transport option
This commit adds a new module, ops_config, that allows playbook designers
to create tasks for configuring OpenSwitch over the CLI. The module
is designed to work directly with configuration mode in OpenSwitch and
therefore only supports the CLI transport option
This commit address a bug in the ios_config module when using the
match: strict argument. When the argument is used, the module will
compare the configuration block same as match: exact which is not the
intended behavior. This commit updates the behavior to propertly handle
the strict argument.
now uses atomic move to avoid data corruption
correclty cleans up temp files in every case
returns backup_file info if needed
validate validate before temp file gets created
backup AFTER validate
Without this change, a download failure may bail out with the message:
"Failure downloading http://foo/bar, 'NoneType' object has no attribute 'read'"
whereas with this fix, you'd get a proper error like:
"Failure downloading http://foo/bar, Request failed: <urlopen error [Errno 113] No route to host>"
or one of the many other possible download errors that can occur.
The returned list of diffs aims to simulate how a file system diff would
look before and after writing the sources list files.
![screenshot](http://i.imgur.com/dH6QXtY.png)
n.b. Ternary conditional is due to failing integration test for
python 2.4
This commit refactors the arugments used in ops_template to be strictly
typed and handle by declarative / rest and cli based configurations. It
also removes old arguments not supported and cleans up the documentation
strings
This mirrors a nearly identical change made to apt_repository.py.
Also removes the use of apt-get --force-yes as it can be dangerous
and should not be necessary (apt_repository.py does not use it).
Repeating the explanation from the apt_respository change below:
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to thoroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
Running async_status in an "until: result.finished" loop will mask a module failure (eg, traceback) with a
template failure, because the fail dict doesn't include "finished" (eg, you'll see "ERROR! The conditional check 'bogus_out.finished' failed. The error was: ERROR! error while evaluating conditional: bogus_out.finished ({% if bogus_out.finished %} True {% else %} False {% endif %}"). Because the failure dict still includes "failed: true",
this change has no effect on stoppage/failure reporting, it just prevents the common usage pattern from masking the underlying error message.
Since our validation does conversion as well as validation, I'm not sure
this is entirely correct. May need to take a look at our conversion
code and re-examine to be sure we're doing it right.
I like to use ~/somepath instead of absolute paths because
that's more shareable. Without expansion, the path wasn't
considered a file, and the resulting cloud-config user_data
contained a string for the file path instead of the file context.
So, expand it.
restart_containers(containers.running) may try to restart containers
that are deleted when looping through get_differing_containers()
fix this by refreshing list after first loop
The ulimit will be specified as a list and separated by colons. The
hard limit is optional, in which case it is equal to the soft limit.
The ulimits are compared to the ulimits of the container and added
or adjusted accordingly on by a reload.
The module ensures that ulimits are available in the capabilities
iff ulimits is passes as a parameter.
This adds a new module, iosxr_config, that can be used for configuring
Cisco IOS XR devices. It is provides a set of arguments for sending
configuration commands to the device over cli
This adds a new module, iosxr_template, that can be used to template
configurations for IOS XR devices. Templates are then loaded into the
target device over cli
A change is coming to Ansible where module params will default to str.
Many of our modules were taking advantage of this by not being explicit
about the type, so they will break when that change merges. This hopefully
catches those cases.
- clarify docs on body_json behaviour
- only tranform into json if body input is not a string
users keep passing json string and expecint it to not be jsonified again
- fixed issue with removes not handling path expansion correctly
- switched all path variables to 'type path' to handle expansions
This commit allows the connection information for
the vsphere_guest module to be provided as environment
variables, which makes it possible to use Cloud
Credentials from Ansible Tower in playbooks that utilize
vsphere_guest.
| ENV VAR | vsphere_guest param |
| --------------- | ---------------------- |
| VMWARE_HOST | vcenter_hostname |
| VMWARE_USER | username |
| VMWARE_PASSWORD | password |
This adds a new module, junos_config, useed to configure Juniper JUNOS based
devices. The config module can be used to set an ordered set of set and
delete statements over a cli transport
This adds a new module, junos_template, that can read in a template
config and push the changes to the device. It can also backup the
current config. This module is implemented over cli
This adds a new module, junos_command that can be used for sending commands
to Juniper JUNOS based devices. The junos_command module is implemented
over a cli transport
Fix the OpenStack os_server module for when region_name is specified.
This should not be passed through to the shade create_server() call
as it's only used with the auth parameters.
Fixes bug: https://github.com/ansible/ansible-modules-core/issues/2797
This change update the return values from eos_config to be consistent with
all network config modules. This will now return updates and responses
from the module
This change updates the returns values from eos_command to be consistent
with network modules. It now returns stdout, stdout_lines and failed_conditionals
This updates the nxos_template doc string to unify the return values
across all network modules. This change now returns stdout, stdout_lines
and failed_conditionals
This modifies the return values to make them consistent across all
network command modules. The module now returns stdout, stdout_lines
and failed_conditionals
- defaulted to commands not executing in checkmode
- added force run for info gathering (for setting changed)
- added debug for what would have been run in check mode
- added check mode for spots that made changes using system calls instead of command
- removed now redundant checkmode checks
better failure now, if i missed anything, it will misreport changed value
instead of old default of actually making the change in checkmode
The old method left settings in the environment. The new method takes
care of clearing them after use. In this module, the old method was
also setting the environment too late to affect all the command line
tools which lead to a bug.
Fixes https://github.com/ansible/ansible/issues/14264
This addresses a bug in the eos_config module that would prevent it
from running properly. The module should now properly process the config
and the candidate
The eos_config module has a bug where its trying to pass an argument
that doesn't exist. This fixes that problem, removing the offending
keywork argment
The eos_template module works by allowing configurations to be pushed
to Arista EOS devices that can be templated by the Ansible Jinja2
template engine
The nxos_template module worksw by allowing configurations to be pushed
to Cisco NXOS devices over CLI or NXAPI and templated using the Ansible
Jinja2 template engine
This adds a new module nxos_command that can be used to send arbitrary
commands to NXOS devices. The module includes an argument that allows
the responses to be evaluated and causes the module not to return
control to the playbook until a set of conditions has been met.
Using the difflist feature added in ansible/ansible@c337293 we can add
two diffs to the `diff` dict returned as JSON: A `before` and `after` pair of
changed file contents and the diff of the file attributes.
n.b.: the difflist handling from the above commit is logically broken.
PR will follow.
Example output:
TASK [change line and mode] ************************************************************
changed: [localhost]
--- before: /tmp/sshd_config (content)
+++ after: /tmp/sshd_config (content)
@@ -65,21 +65,21 @@
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
+AcceptEnv LANG LC_* GF_ENV_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
--- before: /tmp/sshd_config (file attributes)
+++ after: /tmp/sshd_config (file attributes)
@@ -1,3 +1,3 @@
{
- "mode": "0700"
+ "mode": "0644"
}
This adds a new module eos_command to network/eos. The eos_command module
is used for sending arbitrary commands to Arista EOS devices. It includes
arguments that allow the module to wait for specific values before the
module returns control to the playbook or fails
This adds a new module for pushing configuraitons to eos devices in a
reliable and repeatable fashion. It includes support for templating
configurations and backing up the current config prior to pushing out
changes. This module works over either CLI or EAPI.
This PR has a dependency on ansible/ansible PR #14009 being merged
OCD is making me fix the inconsistency with how None is typed. First Letter Capitalized All Over Now.
cleaning up the default object that was created for the cache_security_groups and removing checks dealing with it.
clean up space
Changing default cache_security_groups from [default] to None.
This adds a new module for managing configuraiton files for Cisco NXOS
devices. It provides configuration file management including templating
and backing up the current configuration.
This PR has a dependency on ansible/ansible PR # 14012
On systems with restrictive umasks, the pip module won't allow you to
install pip packages that are usable by everyone on the system. This
commit adds a umask option to optionally override the umask on a
per-package basis.
Since there is no shell escape of the password parameter, a password with
a single quote (or even worst, a single quote and a pipe) could have
unattended consequences. Also, the less we use use_unsafe_shell=True, the
better.
As of Ansible 2.x, invocation of Django's ```manage.py``` requires a valid "shebang". Additionally, ```manage.py``` must be executable.
The old invocation was hardcoded as ```python manage.py ...``` while the new invocation is ```./manage.py ...```. See [this PR](https://github.com/ansible/ansible-modules-core/pull/1165).
This change allows more flexibility for which Python interpreter is invoked, but breaks existing deployment when ```manage.py``` is not properly configured. This documentation update adds a note explaining the new requirements for ```manage.py```.
Add the ability to completely delete a floating IP from the pool
when disassociating it from a server. When state is absent and
purge is true, the IP will be completely deleted. The default
keeps the current behavior, which is to only disassociate the IP
from the server.
The exception message, when shade fails, will contain much more
specific information about the failure if the exception is treated
as a string. The 'message' attribute alone is usually not helpful.
Support specifying an absolute path (typically /etc/crontab) rather than
a path relative to /etc/cron.d, to allow modifying the main system crontab.
Particularly useful for target systems that have /etc/crontab but no
/etc/cron.d.
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to toroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
Starting in Django 1.7, the createcachetable command looks for cache
table names in the CACHES settings dictionary, so cache_table is no
longer required, but is still allowed.
Otherwise CDN (Akamai) downloads file without the headers. The sequence
is following:
1. Ansible uploads file to CF.
2. Akamai downloads the file and caches it in CDN.
3. Ansible sets headers.
As a result Akamai serves file without headers.
This is backwards incompatible change, because headers keys are not
prefixed with `x-object-meta-`. Which allows user to set headers like
`Access-Control-Allow-Origin`.
The command `hg up -C` by default moves to the latest revision on the
current branch. The `discard` function was trying to update to a
different branch, in case it was provided, by passing a `-r REVISION`
argument. Not only is this not the intended effect of the `discard`
function, but this also could update to a different branch that hasn't
been pulled yet, which is how we were experiencing trouble.
Instead, we unconditionally do `hg up -C -r .` to "update" to the
current revision (i.e. to "."), while `-C/--clean`ing the current
directory. This is similar to `hg revert --all`, except that it also
undoes the merge state of the working directory, in case there was
any.
Previously the logging module hard coded the default logging driver. This means
if the docker daemon is started with a different logging driver, the ansible
module would continually restart it when run.
This fix adds a call to docker.Client.info(), which is inspected if a logging
driver is not supplied in the playbook, and the container only restarted if
the logging driver applied differs from the configured default.
In usage, this has solved issues with using alternative logging drivers.
Fixes require ssl in combination with grant option
Refactoring: code cleanup to make it easier to understand
Code rewritten inspired by @willthames
Added WITH GRANT OPTION as exception; when only REQUIRESSL and/or GRANT are specified we have to add USAGE
Without this change, some trouble may occur when "deb" parameter
is used as env vars controlling dpkg are not set. For example,
installing a package that requires user input will never end since
DEBIAN_FRONTEND=noninteractive is not set.
So export env vars in APT_ENV_VARS before run dpkg, like in cases
using apt-get/aptitude.