This means we will have to unarchive the complete archive if a single change is found.
Unfortunately we cannot fix this for `unzip`, the only hope is a pure-python reimplementation.
This fixes problems reported in the comments of #3810
os.getlogin() returns the user logged in on the controlling terminal. However
'crontab' only looks for the login name of the process' real user id which
pwd.getpwuid(os.getuid())[0] does provide.
While in most cases there is no difference, the former might fail under certain
circumstances (e.g. a lxc container connected by attachment without login),
throwing the error 'OSError: [Errno 25] Inappropriate ioctl for device'.
* 'before' and 'after' are now only applied to 'lines'
* remove update argument
* update doc strings
* add path argument when performing config difference
* removes update argument
* adds `config` option to replace argument
* moves session management into shared module
* cleans up doc strings
* `before` and `after` args now only apply to lines
If you apply `wait=yes` and use `instance_tags` as your filter for
stopping/starting EC2 instances, this stack trace happens:
```
An exception occurred during task execution. The full traceback is: │~
Traceback (most recent call last): │~
File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1540, in <module> │~
main() │~
File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1514, in main │~
(changed, instance_dict_array, new_instance_ids) = startstop_instances(module, ec2, instance_ids, state, instance_tags) │~
File "/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py", line 1343, in startstop_instances │~
if len(matched_instances) < len(instance_ids): │~
TypeError: object of type 'NoneType' has no len() │~
│~
fatal: [localhost -> localhost]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "ec2"}, "module_stderr": "Traceb│~
ack (most recent call last):\n File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1540, in <module>\n main()\n File \"/tmp/│~
ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1514, in main\n (changed, instance_dict_array, new_instance_ids) = startstop_instances│~
(module, ec2, instance_ids, state, instance_tags)\n File \"/tmp/ryansb/ansible_FwE8VR/ansible_module_ec2.py\", line 1343, in startstop_insta│~
nces\n if len(matched_instances) < len(instance_ids):\nTypeError: object of type 'NoneType' has no len()\n", "module_stdout": "", "msg": "│~
MODULE FAILURE", "parsed": false}
```
That's because the `instance_ids` variable is None if not supplied
in the task. That means the instances that result from the instance_tags
query aren't going to be included in the wait loop. To fix this, a list
needs to be kept of instances with matching tags and that list needs to
be added to `instance_ids` before the wait loop.
* Ensure unicode characters in zip-compressed filenames work correctly
Another corner-case we are fixing hoping it doesn't break anything else.
This fixes:
- The correct encoding of unicode paths internally (so the filenames we scrape from the output and is returned by zipfile match)
- Disable LANG=C for the unzip command (because it breaks the unicode output, unlike on gtar)
* Fix for python3 and other suggestions from @abadger
Before this, all spot instance requests would fail because the code
_always_ called module.fail_json when the parameter was set (which it
always was, because the module parameter's default was set to 'stop').
As the comment said, this parameter doesn't make sense for spot
instances at all, so the error message was also misleading.
* fixes issue where configuration was not being loaded (#4704)
* fixes issue where defaults were not included when argument was set to True
tested on EOS 4.15.4F
When the configuration is compared and the results deserialized, the
dumps() function returns a string. This cohereces the return to a list
in case before and/or after needs to be applied
fixes 4707
* fixes save argument to be type bool
* now properly sets the changed returned flag based on diff
* updates docstring RETURNS to add backup_path
* removes unneeded state argument
tested on EOS 4.15.4F
Updates the junos_netconf module with changes to load the
NetworkModule instead of the get_module factory method. This
update is part of the 2.2 refactor of network modules
* adds src argument to load configuration from disk
* adds src_format to set the source file format
* adds update argument with choices merge or replace
* deprecates the replace argument in favor of update=replace
This provides support for passing additional positional parameters to async_wrapper.
Additional parameters will be used by the upcoming async support for Windows.
* Python3 fixes to copy, file, and stat so that the connection integration tests can be run
* Forgot to audit the helper functions as well.
* Fix dest to refledt b_dest (found by @mattclay)
* commands argument now accepts a dict arguments
* rpcs argument now accepts a dict argument
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
SELinux since 2012 use a configuration file to
convert boolean names from a old name to a new name,
for preserving backward compatibility.
However, this has to be done explicitely when using the python
bindings, and the module was not doing it.
Openshift ansible script use this construct to detect if
a boolean exist or not:
- name: Check for existence of virt_sandbox_use_nfs seboolean
command: getsebool virt_sandbox_use_nfs
register: virt_sandbox_use_nfs_output
failed_when: false
changed_when: false
- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
seboolean:
name: virt_sandbox_use_nfs
state: yes
persistent: yes
when: virt_sandbox_use_nfs_output.rc == 0
On a system where virt_sandbox_use_nfs do not exist, this work. But
on a system where virt_sandbox_use_nfs is a alias to virt_use_nfs (like
Fedora 24), this fail because the seboolean is not aware of the alias.
On python3, we want to use the surrogateescape error handler if
available for filesystem paths and the like. On python2, have to use
strict in these circumstances. Use the new error strategy for to_text,
to_bytes, and to_native that allows this.
In Ansible 2.x this module gives `changed = True` for all privileges
that are specified including a table with
priv: "database.table:GRANT"
Mysql returns escaped names in the format
`database`.`tables`:GRANT
However in PR #1358, which was intended to support dotted database names
(a crazy idea to begin with), the quotes for the table name were left
out, leading to `curr_priv != new_priv`.
This means that the idempotency comparison between new_priv and
curr_priv is always 'changed'.
This PR re-introduces quoting to the table part of the priv.
dict no longer have a iteritems method, it was replaced
by items. So we need to use six.
Traceback (most recent call last):
File \"/tmp/ansible_hjd7d65c/ansible_module_mysql_user.py\", line 587, in <module>
main()
File \"/tmp/ansible_hjd7d65c/ansible_module_mysql_user.py\", line 571, in main
changed = user_add(cursor, user, host, host_all, password, encrypted, priv, module.check_mode)
File \"/tmp/ansible_hjd7d65c/ansible_module_mysql_user.py\", line 239, in user_add
for db_table, priv in new_priv.iteritems():
AttributeError: 'dict' object has no attribute 'iteritems'
Using something like:
- name: Create ssh keys
user:
name: root
generate_ssh_key: yes
register: key
result into this traceback on F24
Traceback (most recent call last):
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2170, in <module>
main()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2108, in main
(rc, out, err) = user.modify_user()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 660, in modify_user
return self.modify_user_usermod()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 417, in modify_user_usermod
has_append = self._check_usermod_append()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 405, in _check_usermod_append
lines = helpout.split('\\n')
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 374, in <module>
main()
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 263, in main
for line in out.split('\\n'): # systemd can have multiline values delimited with {}
* adds support for default facts subset
* adds support for config facts subset
* maintain legacy facts from ops_facts pre-2.2
Tested on Openswitch 0.4.0
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
Note: this module only supports transport=cli
Tested on OpenSwitch 0.4.0
* commands argument now accepts a dict arguments
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowed when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
Tested on OpenSwitch 0.4.0
* add support for vrf configurations
* add support for configing the qos value for eapi
* add config argument to specify the device running-config
Tested on EOS 4.15.4F
IOS devices only support a single command output which is structured
text. This removes the ability to specify the command output format
when providing complex arguments to the commands
Due to a mixup of the group/role/user and policy names, policies with
the same name as the group/role/user they are attached to would never be
updated after creation. To fix that, we needed two changes to the logic
of policy comparison:
- Compare the new policy name to *all* matching policies, not just the
first in lexicographical order
- Compare the new policy name to the matching ones, not to the IAM
object the policy is attached to
We got an error while switching on existent local branch
because git module can not find branch in function get_branches
if we have color.branch=always in git config.
One of the usual issue is that run_command return bytes,
so we have to adapt the string to either be bytes too,
or convert to string.
This result into that kind of traceback:
Traceback (most recent call last):
File \"/tmp/ansible_ej32yu2w/ansible_module_git.py\", line 1009, in <module>
main()
File \"/tmp/ansible_ej32yu2w/ansible_module_git.py\", line 873, in main
git_version_used = git_version(git_path, module)
File \"/tmp/ansible_ej32yu2w/ansible_module_git.py\", line 788, in git_version
rematch = re.search('git version (.*)$', out)
File \"/usr/lib64/python3.5/re.py\", line 173, in search
return _compile(pattern, flags).search(string)
TypeError: cannot use a string pattern on a bytes-like object
Another issue is filter being a object instead of a list.
* key maps are now frozenset instead of dict objects
* FactsBase now includes utility functions for transforming json data structures
Tested on NXOS 7.3(0)D1(1)
* adds support for std network facts
* adds support for default facts subset
* adds support for config facts subset
* adds support for interface facts subset
* adds support for hardware facts subset
Tested on IOS-XR 6.0.0
* adds support for std network facts
* adds support for default facts subset
* adds support for config facts subset
* adds support for interface facts subset
* adds support for hardware facts subset
* maintains backwards capabilitity with 2.1 facts module
Tested on NXOS 7.3(0)D1(1)
* adds support for std network facts
* adds support for default facts subset
* adds support for config facts subset
* adds support for interface facts subset
* adds support for hardware facts subset
Tested on EOS 4.15.4F
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge, replace or check
* add backup argument to backup current running config to control host
* add comment argument to provide comment to commit
* deprecated force argument, use match=none instead
Lineinfile deals heavily with Unic text files. Makes some sense to deal
with it all as byte strings. So there is a lot of work done here to
show that we're dealing with byte strings throughout.
The ssh_public_keys must be a list otherwise will give the error:
"argument ssh_public_keys is of type <type 'dict'> and we were unable to convert to list"
* Improve the correct handling of gtar and unzip options
Add the option --show-transformed-names when extra_opts is being used
Ignore bogus warnings related to empty filenames
Properly quote _and_ escape filenames for unzip command
Rewrite gtar options and provide run_command with array, not string
This fixes#2480 and #4109.
* Make check-mode work for zip-files
Check-mode was disabled for zip-files since gtar did not support it.
This change enables check-mode support for zip-files, but does skip the task when used with gtar.
(Best of both worlds)
Also remove unused compress_mode variable.
This replaces PR #4401, the changes overlap somewhat so I merged them
* commands argument now accepts a dict arguments
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }.
* arguments for vyos_config for 2.2 are now complete
* adds loading config file from disk (src argument)
* removes unsupported rollback argument
* changes update_config to update with options merge or check
* changes backup_config to backup
* add state argument for state of configuration file
* adds backup argument to backup current configuration
* adds save argument to control if active config is saved to disk
* adds comment argument for setting commit comment
* adds match argument to control configuraiton match
Tested with VyOS 1.7
* Import module_utils at the top
* Fix python3 by marking literals combined with stdout/stderr as byte
literals
* Mark parameters as type=path where appropriate
* FreeBSD do not support --omit-header and --absolute-names
* The option for following symlink wth getfacl is different on FreeBSD
* ZFS on Freebsd use nfsv4 acls, who use a slightly different syntax
* FreeBSD do not have a --test flag, so always return 'True'
* FreeBSD do not have the --omit-headers options, so we have to filter by ourself
* Mark Freebsd as working for the acl module
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }. Command and output are required arguments. Output
accepts valid values text and json.
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge, replace or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or without defaults
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
The CommandRunner will not allow duplicate commands to be added to the
command stack. This fix will now catch the exception and continue if
a duplicate command is attempting to be added to the runner instance.
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }. Command and output are required arguments. Output
accepts valid values text and json.
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or without defaults
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
* merge changes from ios shared module functions into ios_config.
* add src argument to provide path to config file
* add new choice to match used to ignore current running config
* add update argument with choices merge or check
* add backup argument to backup current running config to control host
* add defaults argument to control collection of config with or withoutdefaults
* add save argument to save current running config to startup config
* add state argument to control state of config file
* deprecated force argument, use match=none instead
* commands argument now accepts a dict arguments[1]
* waitfor has been renamed to wait_for with an alias to waitfor
* only show commands are allowd when check mode is specified
* config mode is no longer allowed in the command stack
* add argument match with valid values any, all
[1] The commands argument will now accept a dict argument that can
specifiy the output format of the command. To specify a dict argument
use the form of { command: <str>, output: <str>, prompt: <str>,
response: <str> }. Command and output are required arguments. Output
accepts valid values text and json.
Importing a (sign only) subkey with apt_key module always fails,
however the actual keyring gets created and contains the correct keys.
Apparently the all_keys function skips the subkeys, hence the problem.
Fixes#4365
* make HEAD parsing more robust
* Fail the module for any splitter errors
* fix combining depth and version on filepath urls by prepending file://
Addresses #907
* Made some changes to determine branch name more reliable (it may contain slashes now).
* Determination of branch name more reliable, as per comment on PR #907
- Removed required_if.
- Fixed doc strings.
- Removed debug output being appended to actions.
- Put import of basics at bottom to be consistent with other docker modules
- Added 'containers' alias to 'connected' param
- Put facts in ansible_facts.ansible_docker_network
* Git: Determine if remote URL is being changed
Ansible reported there were no changes when only the remote URL for a
repo was changed. This properly tracks and reports when the remote URL
for a repo changes.
Fixes#4006
* Fix handling of local repo paths
* Git: Use newer method for fetching remote URL
* Git: use ls-remote to fetch remote URL
Using ls-remote to fetch remote URL is supported in earlier versions
of Git compared to using remote command.
* Maintain previous behavior for older Git versions
Previously whether or not the remote URL changed was not factored
into command's changed status. Git versions prior to 1.7.5 lack the
functionality used for fetching a repo's remote URL so these versions
will update the remote URL without affecting the changed status.
When you try to remote unarchive files with the option copy=no the code always fail, as evidenced in issue #4202. That happens because the conditional to check "if remote_src=no or copy=yes" will always be true since the default value of them is remote_src=no and copy=yes.
My modification is only to change the condition from or to and, that way only if both the vars stay with the default value will be true, otherwise you can unarchive remote files.
* Add diffmode support to git module
This patch adds missing diffmode support to the git module.
* Remodel get_diff() and calls to it
As proposed by @abadger
* Ensure we fetch the required object before performing a diff
Also we handle the return code ourselves, so don't leave this up to run_command().
Now that there is general purpose `Fact` helper to detect if systemd
is active, we would be able to rely on that to apply SystemdStrategy.
Detecting presence of systemd at runtime would be more reliable than
distribution version based heuristics. (e.g., Debian, Ubuntu allows
user to change the default init system, Gentoo allows switching as
well, and so on).
A capital "S" appears when the the setuid or setgid bit are set but have no effect. Likewise, a capital "T" appears when the sticky bit is set but it has no effect.
During check_mode (`--check`), the variable change could be
used uninitialized, yielding this error:
`UnboundLocalError: local variable 'changed' referenced before assignment`
This changeset simply initializes it to False.
* error handling for importing non-existent db
* creating db on import state and suitable message on deleting db
* handling all possible cases when db exists/not-exists
* Check mode fixes for ec2_vpc_net module
Returns VPC object information
Detects state change for VPC, DHCP options, and tags in check mode
* Early exit on VPC creation in check mode
The default VPC egress rules was being left in the egress rules for
purging in check mode. This ensures that the module returns the correct
change state during check mode.
By default, ssh-keygen will pick a suitable default for ssh keys
for all type of keys. By hardocing the number of bits to the
RSA default, we make life harder for people picking Elliptic
Curve keys, so this commit make ssh-keygen use its own default
unless specificed otherwise by the playbook
sysrc(8) does not exit with non-zero status when encountering a
permission error.
By using service(8) `service <name> enabled`, we now check the actual
semantics expressed through calling sysrc(8), i.e. we check if the
service enablement worked from the rc(8) system's perspective.
Note that in case service(8) detects the wrong value is still set,
we still output the sysrc(8) output in the fail_json() call:
the user can derive the exact reason of failure from sysrc(8) output.
AWS security groups are unique by name only by VPC (Restated, the VPC
and group name form a unique key).
When attaching security groups to an ELB, the ec2_elb_lb module would
erroneously find security groups of the same name in other VPCs thus
causing an error stating as such.
To eliminate the error, we check that we are attaching subnets (implying
that we are in a VPC), grab the vpc_id of the 0th subnet, and filtering
the list of security groups on this VPC. In other cases, no such filter
is applied (filters=None).
EC2 Security Group names are unique given a VPC. When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.
The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired. This causes
an error as the security group being acted on, and the security group
referenced in the rule are in two different VPCs.
To prevent this issue, we check to see if vpc_id is defined and if so
check that VPCs match, else we treat the group as new.
While from the documentation[1] one would assume that replacing
CAPABILITY_IAM with CAPABILITY_NAMED_IAM; this as empirically been shown
to not be the case.
1: "If you have IAM resources, you can specify either capability. If you
have IAM resources with custom names, you must specify
CAPABILITY_NAMED_IAM."
http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
Previously, when the attributes of a GCE firewall change, they were ignored. This PR changes that behavior and now updates them.
Note that the "update" also removes attributes that are not specified.
An overview of the firewall rule behavior is as follows:
1. firewall name in GCP, state=absent in PLAYBOOK: Delete from GCP
2. firewall name in PLAYBOOK, not in GCP: Add to GCP.
3. firewall name in GCP, name not in PLAYBOOK: No change.
4. firewall names exist in both GCP and PLAYBOOK, attributes differ: Update GCP to match attributes from PLAYBOOK.
Current module fails when tries to assign floating-ips to server that
already have them and either fails or reports "changed=True" when no
ip was added
Removing floating-ip doesn't require address
Server name/id is enough to remove a floating ip.
This parameter was actually added in 2.0. It's just that the
documentation in previous versions of the module were wrong (it said the
name was "network" rather than "name.) I've renamed the parameter in
the documentation of prior versions so ansible-module-validate should no
longer think that this is a new parameter.
The module would raise a KeyError trying to find the save_config key
which is not present in the argument_spec. This was caused by the
check_args() function. Since the ios shared argument spec isn't used
the check_args function is not needed and has been removed.
This removes the get_module() factory function and directly creates
an instance of NetworkModule. This commit includes some minor clean
up to transition to the ios shared module for 2.2
The shade update_router() call will return None if the router is
not actually updated. This will cause the module to fail if we
do not protect against that.
* using check mode will now block all commands except show commands
* module will no longer allow config mode commands
* check args for unused values and issue warning
This refactors the ios_config module to use the network module added
in 2.2 to simplify common network functions
new features
* add src, dest arguments for working with config
* results now return flag if the config was saved or not
* adds append argument for updating the dest file (when dest is used)
The os_server module could automatically generate a floating IP for
the user with auto_ip=true, but we didn't allow for this FIP to be
automatically deleted when deleting the instance, which is a bug.
Add a new option called delete_fip that enables this.
* Revert PR #3575 since it causes problems related to exclude patterns
By using a different method for getting archive filelists, and extracting we introduced new problems related to excluding based on gtar patterns.
As a result files that would be excluded by gtar, would still be in the filelist. Implementing our own gtar compatible pattern exclusion mechanism is near to impossible (believe me, we looked at it...). The best way is to look at the original problem and deal with that, and ensure that extraction and filelists are done with the exact same tool and exact same options.
The solution is to decode the octal unicode representation in gtar's output back to unicode. Since gtar has no problem extracting these files in LANG=C, we simply has to compensate for it.
This reverts #3575 and fixes#11348.
* Implement codecs.escape_decode() instead of decode("string_escape") for python3
* remove unused variables
* fetch branch name instead of HEAD
fix#3782, which was introduced by f1bacc1d3f
* disable git depth option for old git versions
fixes#3782
git support for `--depth` did not fully work in old git versions (before 1.8.2)
fall back to full clones/fetches on those versions
* raise required git version to 1.9.1 for depth option
* use correct depth argument in switch_version
* service module: use sysrc on FreeBSD
sysrc(8) is the designated userland program to edit rc files on FreeBSD.
It first appeared in FreeBSD 9.2, hence is available on all supported
versions of FreeBSD.
Side effect: fixes#2664
* Incorporate changes suggested by bcoca.
- Use `get_bin_path` to find sysrc binary.
- Only use sysrc when available (support for legacy versions of FreeBSD)
Without this, ansible 2.1 will convert some arguments that are
meant to be dict or list type to their str representation.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Change the file mode arg to 'raw' ala file args
Following the file_common_args model, change the
type of the 'mode' arg here to type='raw' with no
default arg value.
The default mode for file creation is the module
constant DEFAULT_SOURCES_PER, and is used if no
mode os specified.
A default mode of 0644 (and not specified as int or str)
would get converted to an octal 420, resulting in the
sources file being created with mode '0420' instead of '0644'
Fixes#16370
The `source_dest_check` and `termination_protection` variables are being
assigned twice in ec2.py, likely due to an incorrect merge somewhere
along the line.
* A few more sanity checks for detecting unzip output that's not a file entry
Also note that there's a rounding error somewhere in the mtime
comparison code.
* Fix reference to sub-array
Because the async_status module will read from the same file that
the async_wrapper module is writing, it's possible that the file
may not be fully synced during a read, causing spurious failures.
Use a temp file to do an atomic operation on the file. We can't
use atomic_move() here as that doesn't work properly under async.
Also, let's not read concurrently from the same file the subprocess
is writing to. Instead, capture stdout/stderr via PIPE and write to
the file to avoid nasty races.
* This adds support the CommandRunner to handle executing commands on
the remote device.
* It also changes the waitfor argument to wait_for to remain compatable
with other modules and adds an alias for waitfor.
* Restricts commands to show commands only when check mode is specified.
* add version_added to wait_for doc string
The IAM group modules were not receiving the `module` object, but they
use `module.fail_json()` in their exception handlers. This patch passes
through the module object so the real errors from boto are exposed,
rather than errors about "NoneType has no method `fail_json`".
$source check causes:
FAILED! => {"changed": false, "failed": true, "msg": "A parameter cannot be found that matches parameter name 'Source'."}
$Params.Remove causes:
FAILED! => {"changed": false, "failed": true, "msg": "Method invocation failed because [System.Management.Automation.PSCustomObject] does not contain a method named 'Remove'."}
* Change documented options for os_networks_facts
os_network_facts currently lists 'network' as an available option, taking the Name or ID. In Ansible 2.0.2 to 2.2.0, this is not valid. Options 'name' and 'id' should be used instead.
* Update os_networks_facts.py
* Update os_networks_facts.py
Set version_added to the only accepted value
* Update os_networks_facts.py
Removed inappropriate 'ID' parameter
When `version` is not specified, it defaults to "HEAD". "HEAD" is not a
remote tag, and it's not listed in the output of get_branches(), so we'd
keep repo_updated at the default value (None) and then return early with
changed=True in --check mode, even when before == after.
Fixes#3024.
Ceph Object Gateway (Ceph RGW) is an object storage interface built on top of
librados to provide applications with a RESTful gateway to Ceph Storage
Clusters:
http://docs.ceph.com/docs/master/radosgw/
This patch adds the required bits to use the RGW S3 RESTful API properly.
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Prior to Python 2.5, SystemExit was a subclass of Exception.
In Py2.4, this is causing extra error output on valid sys.exit(0).
(Toshio) Call sys.exit from inside of the SystemExit exception handler so py2.4 and py2.5+ behaviour matches
* Fixing compile time errors irt a) exception handling for Python 3 in util, also: b) problem octal usage (fixed) and c) print json_dump -> print(json_dump(xyz) ... et al
* This code was not Python 2.4 compliant. Octal codes and exception handling is now working with Py 2.4, 2.6, & 3.5.
* Fixing formating (or rather reverting an non 2.4 compatible change). Works in compile & runtime checking.
* a) revert to use print sys.stderr not fail_json; b) fixed var name in exception
* Python 3 compatible print (print >>sys.stderr will generate a TypeError - now uses sys.stderr.write instead).
The "Developing Modules" documentation states:
Include a minimum of dependencies if possible. If there are
dependencies, document them at the top of the module file, and have
the module raise JSON error messages when the import fails.
When docker_service runs on a remote host without PyYAML it crashes with
ImportError.
This patch raises a JSON error message when import fails, but only if
the PyYAML module is actually used. It's only needed when the
"definition" parameter is given.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
The example for delete=yes does not specify recursive although it is
required. In addition, the wording for the delete option is confusing
about from where files are really deleted. This should clarify that.
* Update GitHub templates to reflect ansible/ansible
Update the GitHub templates to what is used for some time on ansible/ansible
For more information, see ansible/ansible#15961
* Small improvement from ansible/ansible
* Improve the unzip output scraping
Ensure we capture the complete file (also when it includes spaces).
Drop lines that do not conform (in length) to what we expect (e.g. header/footer).
This fixes#3813
* Fix how split() works
* remove unused variables
* fetch branch name instead of HEAD
fix#3782, which was introduced by f1bacc1d3f
* disable git depth option for old git versions
fixes#3782
git support for `--depth` did not fully work in old git versions (before 1.8.2)
fall back to full clones/fetches on those versions
Reading the entire tar file into memory can result in out-of-memory
conditions such as this traceback:
Traceback (most recent call last):
File "/tmp/ansible_YELTSu/ansible_module_docker_image.py", line 486, in load_image
self.client.load_image(image_data)
File "/usr/local/lib/python2.7/dist-packages/docker/api/image.py", line 147, in load_image
res = self._post(self._url("/images/load"), data=data)
...
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 848, in _send_output
msg += message_body
MemoryError
Luckily docker-py's load_image(), which calls requests post(), accepts a
file-like object instead of a string. Pass in the file object to avoid
reading the full file into memory. This allows larger tar files to load
succesfully.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilites` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilites` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
The default pagination is every 100 items with a maximum of 1000 from
Amazon. This properly uses the marker returned by Amazon to concatenate
the various pages from the results.
This fixes#2440.
* Fixing error exception handling for python. Does not need to be compatible with Python2.4 b/c boto is Python 2.6 and above.
* Fixing error exception handling for python. Does not need to be compatible with Python2.4 b/c boto is Python 2.6 and above.
* Fixing compile time errors IRT error exception handling for Python 3.5.
This does not need to be compatible with Python2.4 b/c Boto is Python 2.6 and above.
Fix KeyError: 'prepared' while installing dependencies using deb=<file>.deb
This error shows up when --diff was not passed by and the deb files has dependencies not yet installed.
Closes#3752.
Currently, when writing user's crontab, ansible calls
crontab <file> -u <user>
This is incorrect according to crontab(1) on both FreeBSD and Linux,
which suggest that file argument should be the last.
At least on FreeBSD, this leads to incorrect cron module bahavior which
writes to root's crontab instead of users's
Fallback to unzip if zipfile fails and hope that unzip can deal with it
(sites have an easier time upgrading the unzip utility than all of
python).
https://bugs.python.org/issue3997Fixes#3560
packaging/language/pip.py:
virtualenv option:
Mention that virtualenv is created if it does not exist.
(Explicit is better than implicit.)
Mention other relevant options.
notes:
initialized -> created
Wrap long lines.
This is to address this error:
fatal: [site]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to connect to S3: Region does not seem to be available for awsmodule boto.s3. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path"}
Commit 0dd58e9 changed the logic so an exception is thrown (by
`connect_to_aws`) before the `s3 is None` check is performed. This
changes the `None` check to a catch so the old logic can compensate.
This fix passing the update variable to the str()
so that it avoids the exception when ops.dc.read()
returns a dictionary which contains non-string keys.
This is due to the fact that some of the key types in
OpenSwitch schema are actually defined as integer
and ops.dc declerative config module encode those
in integer inside the dictionary. This could be
the right encoding from the schema point of view
but someone needs to convert it to the string
somewhere, as JSON key should be string.
In the mysql_user module, login_host is defined as "localhost". Setting this to localhost also fixes Ubuntu 16.04 support.
To make it more consistent in the future, the params in all mysql modules should move to module utils. I'll take care.
Also fixed a few other things along.
- httpd removed from control_binaries
- check for enabled module after running a2enmod/a2dismod
- fail, if user has no permissions to run control_binary
- reduce code duplication
* Detection of handler depends on the wrong handler failing to list the contents of the tarfile.
Use explicit compression types with the python tarfile library to
achieve that.
* bytearray isn't available in python2.4
* unarchive: use Python's tarfile module for tar listing
fixes https://github.com/ansible/ansible/issues/11348
Depending on the current active locale, `tar`'s file listing can end up
spitting backslash-escaped characters. Unfortunately, when that happens,
we end up with double-escaped backslashes, giving us a wrong path,
making our action fail.
We could try un-double-escaping our paths, but that would be complicated
and, I think, error-prone. The easiest way forward seemed to simply use
the `tarfile` module.
Why use it only for listing? Because the `unarchive` option also
supports the `extra_opts` option, and that supporting this would require
us to mimick `tar`'s interface.
For listing files, however, I don't think that the loss of `extra_opts`
support causes problems (well, I hope so).
* unarchive: re-add xz decompression support
Following previous change to use Python's `tarfile` module for tar file
listing, we lost `xz` decompression support. This commits re-add it by
adding a special case in `TarXzArchive` that pre-decompresses the source
file.
* Adding docker_container
* If state absent, stop the container before attempting to remove. Fixed status running check.
* If container absent, stop before removing. Fix container status check.
- removed actions feature as this should be global and not per module
- removed default fields from return docs
- moved tags docs to shared fragments
- removed unused imports
* Add more example on how to use module ec2_tags to list tags on an instance
* Add more example on how to use module ec2_tags to list tags on an instance
Prior to the switch to the urls.py code, non-200 responses contained
a 'json' value when the content-type was JSON. This fix restores that
field upon a non-2xx response.
Fixesansible/ansible#15555
This adds a new module for collect device facts from remote devices
running OpenSwitch. This module is useful when collecting fact information
over CLI transport.
this change adds config_format argument with choices of xml, set or text to
specify the desired format of the config returned from the remote device. The
default value is text
There are established connections for a service. The service is bound to a ipv4-mapped ipv6 address. Wait_for wrongly waits for clients listed in exclude_hosts.
* fix git switch branches in combination with depth
* the old implementation is correct, but relies on git working correctly
(as only newer versions do)
* with some older git version (e.g. 1.8.3), git fetch remote branch does
not work, if the branch does not yet exist locally
* this patch works around that without explicitly checking the git version
* future refactoring is needed to reduce the number of fetches to a
minimum; but this patch makes the code "correct"
* add git version requirements to doc
* replace set-branches with git 1.7.1 compatible version
From the git status doc:
--porcelain
Give the output in an easy-to-parse format for scripts. This is similar to the short output, but will remain stable across Git versions and regardless of user configuration. See below for details.
User configuration can break the git module from working as expected.
Since fetch_url already take care of the exception, the try/except
clause is no longer working, so replace it with proper status
checking, thus permitting to remove urlib2 from the import list.
* Add optional force parameter for apache2_module
Fixes#2499
* Add documentation for the force parameter
* Clarify in description that -f(orce) is a Debian parameter
Some people use the command module to run curl not to
download file, but to interact with remote HTTP api, and the
get_url suggestion is not suitable. So adding uri in the warning
would give a more meaningful warning.
Suggested by Tahvok on #ansible irc channel.
'key_ids' is referenced before it is assigned, causing the module to fail with a UnboundLocalError instead of failing gracefully with a helpful error message. This very small patch moves the assignment of 'key_ids' to before the variable is referenced.
* WIP: Making unarchive idempotent
Currently unarchive is not idempotent and has many rough edges and bugs.
The current release is a workable improvement on many fronts:
- zip support is now idempotent (but gtar lacks check-mode)
- New option `exclude` to exclude specific paths/files
- New option `keep_newer` to exclude newer files on target
- New option `extra_opts` to influence unzip/gtar (like synchronize module)
The following items are still ongoing:
- Implement CRC32 support for .zip files
- Re-implement the zip support using native zipfile module
- Re-implement the gtar support using native tarfile/gzip/bz2 modules (lzma external)
- Implement check-mode (works in gzip, but fails using gtar)
- Implement diff-mode (discuss an appropriate output model, like synchronize module)
The re-implementation of unzip/gtar support using native python modules will not only simplify the codebase, additional functionality can be implemented correctly and identically, which is currently not possible. (Other archives could be implemented using native modules equally, incl. options)
* Assorted fixes to zip support (during quality checks)
- Support both rw---- and rwx--- permstr
- Better file type support (more qa needed)
- Symlink support
- Include fix from #3229
* Implement zip diff-mode (itemized change) and avoid changes permissions every time (!)
This commit implements:
- rsync-compatible itemized-change output in diff-mode (using zip)
- no longer changing permissions unconditionally (when idempotent)
* Small fixes to itemized change output
* Fixes to user/group ownership changes
- The implementation of user/group ownership is a bit more complex for idempotency
- We report when a ZIP file incorrectly tags a directory as a file/link
- We only offer diff output when there is a change
* Fix the handling of includes and excludes for unzip
* Remove test output from output (confuses easily)
* Logic and performance improvements to ownership handling, and umask fix
* Handle special files (type '?')
* Make exceptions compatible with python 2.4
* Implement CRC32 support
* Revert some unintended/unknown changes ?
* Taking over maintenance as offered by current maintainer
* Fix support for white-spaces in filenames
* Remove/rename incorrect regex
* Ensure that fat executables end up with execute permission
* Remove check_result from output when unchanged
* When unarchiving as a user, or when owner/group/mode is supplied --diff is insufficient
Only way to be sure is to check request with what is on disk (as we do for zip).
Leave this up to set_fs_attributes_if_different() instead of inducing a (false) change
* By default, don't send confusing check_results in verbose output
This fixes#74.
for install, remove, deb_install, and upgrade.
Since apt has very commonly familiar output, just use the normal output
from apt-get or aptitude -- trimmed to the interesting parts -- to show
to the user if she specified --diff on the CLI.
Uses the recent support for the `diff['prepared]` key.
Fixesansible/ansible#10239
This allows a user to modify the state of the virtual cdrom in a VM
by using the state == reconfigured action. This is useful for
provisioning VMs from templates which do not have ISO images connected.
ec2_elb_lb doesn't react well to AWS API throttling errors. This
implements an exponential backoff operation around some of the AWS API
calls (with random jitter, in line with AWS recommendations) to make
this more resilient.
* make git updates respect depth
until now `fetch` gets all tags and heads at full depth, this change
* uses `depth` argument for `fetch`
* only get the specified `version` in `fetch`
* fixes#14954
* treat combination of refspec and depth correctly
* be more conservative for non-depth fetch
* Speed up AMI code by not attempting to create the AMI without checking on the name first. Also simplifies code for reporting errors from AMI creation, greatly.
* remove sys.exit
A cloud/domain admin should be able to create a subnet on any
project it is granted on.
This change adds the 'project' parameter that accepts either
a name (admin-only) or id.
A cloud/domain admin should be able to create a network on any project
it is granted to.
This changes adds the possibility to pass either a project ID or
project name.
'server_insecure' maps to the subscription-manager config
(/etc/rhsm/rhsm.conf) value for 'insecure' key in the
'server' stanza. The 'insecure' configures if the https connection
to 'server_hostname' is verified as having been issued by
a CA in 'ca_cert_dir' trust store.
Previous documentation indicating it disables https and
enables http was inaccurate. Connection to server_hostname
always uses https.
* based on cpython os.path.ismount
* includes patch from http://bugs.python.org/issue2466
* fixes#2186
* when the upstream bug is fixed this should be removed/rewritten
* use ismount from module_utils
login_password should not be logged, so mark it as 'no_log'
the others arguments are path to file, and so should be type='path',
which permit to remove the line handling '~' and shell variables.
Fixed type checking to be more idiomatic powershell, also fixes a slew of StrictMode issues and gets error handling back to originally-intended behavior.
A change was merged to the main Ansible core code that can cause
a potential hang if any libraries are called that use threading.
This change was:
4b0aa1214c
This affected the os_object module by causing a hang on the shade
create_object() API call (which in turn calls swiftclient which
uses threading). The fix is to make sure all modules have a main()
that is wrapped with an "if __name__ == '__main__'" check.
In case role policy was deleted, we did not handle at all if there
was authorization issue to do the deletion. Also add message when
role is not found and the policy is skipped.
The default_project is checked at the beginning of the module.
This raises an exception if the project passed does not exist.
This logic only makes sense on resource creation, if a user
puts state=absent the module fails, even though the default
project is not relevant
If a server already exists when os_server is run, but a floating
IP was not assigned to the server when one was requested, the
module will attempt to add an IP to the existing server. But it
would not pass the wait/timeout params to the floating IP APIs.
If wait was True, you could get back a server dict that did not
show the floating IP because it did not wait.
route53 creates Record objects using `health check` and `failover`
parameters. Those parameters only became available in boto 2.28.0.
As some prominent LTS Linux releases (e.g.: Ubuntu 14.04) only ship
older boto versions (e.g.: 2.20.1 for Ubuntu 14.04), users are getting
unhelpful error messages like
TypeError: __init__() got an unexpected keyword argument 'health_check'
when running Ansible 2 against their LTS install's default boto.
We improve upon this error message by checking the boto version
beforehand.
Fixesansible/ansible#13646
Apologies, but I no longer use this module day-to-day myself, and I don't have the bandwidth right now to effectively triage changes in any kind of timely fashion.
Hello!
I wanted stop the containers matched only by image name, but can't do this, if I not set cmd in playbook.
This behavior confused me.
If cmd or entrypoint is defined for running container, but not defined in playbook, makes matching behavior as this sample:
https://github.com/ansible/ansible-modules-core/blob/devel/cloud/docker/docker.py#L463
This is useful for packages that bootstrap their own apt-key setup - only
the initial installation will require overriding. Notable examples are the
Dropbox and Google Chrome packages.
(Setting force=yes is far too strong: I only want to bypass
authentication!)
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Commit f71542c set the incorrect type for these two parameters to
dict when they are actually list of dicts.
Also, the extra_dhcp_opts was incorrectly named (without the terminal
's') and NEVER worked, so this was corrected.
Fixes#3301
This update adds exception handling to catch errors when trying to parse
command output to json. It also removes the dependency on importing json
opting to use the AnsibleModule methods instead
This commit adds a new module, ops_command, that handles executing commands
on OpenSwitch over the CLI. Since this module is designed to work with the
OpenSwitch CLI, it only supports the CLI transport option
This commit adds a new module, ops_config, that allows playbook designers
to create tasks for configuring OpenSwitch over the CLI. The module
is designed to work directly with configuration mode in OpenSwitch and
therefore only supports the CLI transport option
This commit address a bug in the ios_config module when using the
match: strict argument. When the argument is used, the module will
compare the configuration block same as match: exact which is not the
intended behavior. This commit updates the behavior to propertly handle
the strict argument.
now uses atomic move to avoid data corruption
correclty cleans up temp files in every case
returns backup_file info if needed
validate validate before temp file gets created
backup AFTER validate
Without this change, a download failure may bail out with the message:
"Failure downloading http://foo/bar, 'NoneType' object has no attribute 'read'"
whereas with this fix, you'd get a proper error like:
"Failure downloading http://foo/bar, Request failed: <urlopen error [Errno 113] No route to host>"
or one of the many other possible download errors that can occur.
The returned list of diffs aims to simulate how a file system diff would
look before and after writing the sources list files.
![screenshot](http://i.imgur.com/dH6QXtY.png)
n.b. Ternary conditional is due to failing integration test for
python 2.4
This commit refactors the arugments used in ops_template to be strictly
typed and handle by declarative / rest and cli based configurations. It
also removes old arguments not supported and cleans up the documentation
strings
This mirrors a nearly identical change made to apt_repository.py.
Also removes the use of apt-get --force-yes as it can be dangerous
and should not be necessary (apt_repository.py does not use it).
Repeating the explanation from the apt_respository change below:
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to thoroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
Running async_status in an "until: result.finished" loop will mask a module failure (eg, traceback) with a
template failure, because the fail dict doesn't include "finished" (eg, you'll see "ERROR! The conditional check 'bogus_out.finished' failed. The error was: ERROR! error while evaluating conditional: bogus_out.finished ({% if bogus_out.finished %} True {% else %} False {% endif %}"). Because the failure dict still includes "failed: true",
this change has no effect on stoppage/failure reporting, it just prevents the common usage pattern from masking the underlying error message.
Since our validation does conversion as well as validation, I'm not sure
this is entirely correct. May need to take a look at our conversion
code and re-examine to be sure we're doing it right.