Commit graph

4512 commits

Author SHA1 Message Date
Vilmos Nebehaj
58cccce384 Use PBKDF2HMAC() from cryptography for vault keys.
When stretching the key for vault files, use PBKDF2HMAC() from the
cryptography package instead of pycrypto. This will speed up the opening
of vault files by ~10x.

The problem is here in lib/ansible/utils/vault.py:

    hash_function = SHA256

    # make two keys and one iv
    pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()

    derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
                        count=10000, prf=pbkdf2_prf)

`PBKDF2()` calls a Python callback function (`pbkdf2_prf()`) 10000 times.
If one has several vault files, this will cause excessive start times
with `ansible` or `ansible-playbook` (we experience ~15 second startup
times).

Testing the original implementation in 1.9.2 with a vault file:

In [2]: %timeit v.decrypt(encrypted_data)
1 loops, best of 3: 265 ms per loop

Having a recent OpenSSL version and using the vault.py changes in this commit:

In [2]: %timeit v.decrypt(encrypted_data)
10 loops, best of 3: 23.2 ms per loop
2015-07-28 14:51:36 +02:00
Brian Coca
80ecab5317 Merge pull request #11761 from amenonsen/9843-rebase
Add pciid to LinuxNetwork interface fact
2015-07-27 22:20:04 -04:00
Brian Coca
5f8db9cd4b changed verbose_override to the new _ansible_verbose_override to keep in line with previous changes
output now defaults back to having indent=4
2015-07-27 22:15:44 -04:00
Trapier Marshall
250620f2ab Add pciid to LinuxNetwork interface fact
This commit adds pciid to the LinuxNetwork fact object.

pciid is gathered if the symlink /sys/class/net/*/device exists.

Example [>>>> emphasis <<<<]:

$ readlink /sys/class/net/eth0/device
../../../0000:01:00.0

$ ansible localhost --ask-pass -i /tmp/hosts -m setup -a "filter=ansible_eth0"
SSH password:
localhost | success >> {
    "ansible_facts": {
        "ansible_eth0": {
            "active": false,
            "device": "eth0",
            "macaddress": "0c:d2:92:5d:6e:8e",
            "module": "alx",
            "mtu": 1500,
       >>>> "pciid": "0000:01:00.0", <<<<
            "promisc": true,
            "type": "ether"
        }
    },
    "changed": false
}
2015-07-28 07:30:03 +05:30
Brian Coca
8746e692c1 changed check to allow for powerpc
fixes #11528
2015-07-27 21:44:17 -04:00
Brian Coca
0c21196633 moved openvz inventory script to new home 2015-07-27 20:53:53 -04:00
Brian Coca
164092a835 optimized module docs 2015-07-27 20:52:53 -04:00
Brian Coca
2575e1540a Merge pull request #11740 from amenonsen/8602-rebase
Encrypt the vault file after editing only if the contents changed
2015-07-27 20:45:03 -04:00
Toshio Kuratomi
d2346fd2e2 Python2.4 compat fix 2015-07-27 15:34:51 -07:00
James Cammarata
d6cafff2f9 Additional changes to fix fileglob relative path lookups 2015-07-27 16:35:57 -04:00
Toshio Kuratomi
6a68be4e28 Handle quoting of values in dict parameters 2015-07-27 12:31:05 -07:00
James Cammarata
cb262449c7 Reworking internal result flags and making sure include_vars hides vault data
Fixes #10194
2015-07-27 14:04:31 -04:00
James Cammarata
eebf437d87 Submodule pointer update 2015-07-27 12:51:58 -04:00
Brian Coca
b2b19a1dc4 Merge pull request #11751 from amenonsen/playwithoutbook
A better error message for «ansible playbook.yml»
2015-07-27 12:42:56 -04:00
James Cammarata
49a6601856 Further cleanup of internal use of ansible_ssh_host 2015-07-27 10:42:39 -04:00
James Cammarata
ee835ff7ad Add a base-level get_basedir method for lookup plugins and fix relative lookups
Fixes #11746
2015-07-27 10:41:28 -04:00
Abhijit Menon-Sen
65d62090c2 A better error message for «ansible playbook.yml»
This is a very conservative change: we add the hint only if we're
definitely going to die already.
2015-07-27 12:43:21 +05:30
James Cammarata
3a4dd523d3 Fix bug where we calculated the relative path of recursive copies wrong
Fixes #11470
2015-07-27 02:29:38 -04:00
James Cammarata
a1a8997e89 Merge pull request #11663 from whereismyjetpack/fix_ansible_ssh_host
only set ansible_ssh_host if not already set
2015-07-26 23:46:21 -04:00
Brian Coca
a56ff7ae54 now it really is oneline 2015-07-26 23:14:07 -04:00
Brian Coca
5d1d9f1505 fixed diff output to be as it was in 1.x, copy and template now use the same
functions to do diffs.
2015-07-26 22:29:56 -04:00
James Cammarata
c56a304ad9 Merge pull request #9195 from reedloden/add-dns-facts
Add several DNS-related facts by parsing /etc/resolv.conf
2015-07-26 14:59:55 -04:00
James Cammarata
ccb7fb3b4c Submodule pointer update 2015-07-26 14:41:49 -04:00
James Cammarata
034c766439 Fixing logic in template.py to not assume 'changed' is in the result 2015-07-26 13:57:25 -04:00
James Cammarata
a78ed39f93 Merge pull request #11743 from renard/regex_escape-filter
Regex escape filter
2015-07-26 13:52:01 -04:00
James Cammarata
db4b3544d7 Fix syntax error in action plugin template.py 2015-07-26 13:49:27 -04:00
Reed Loden
eb1fb41576 Add several DNS-related facts by parsing /etc/resolv.conf
Facts include nameservers, domain, search path, sortlist, and options.
2015-07-26 10:46:59 -07:00
Sébastien Gross
36534668f0 Change name from re_escape to regex_escape to fit existing function names. 2015-07-26 19:03:56 +02:00
Sébastien Gross
c1e4085251 Add regular expression escaping filter. 2015-07-26 19:03:27 +02:00
Brian Coca
0b6fadaad7 started implementing diff
diff now works with template
also fixed check mode for template and copy
2015-07-26 12:22:22 -04:00
Pablo Figue
f8bf2ba1bd Encrypt the vault file after editing only if the contents changed 2015-07-26 14:41:34 +05:30
James Cammarata
73aa5686cc Remove octal escapes from unicode escape handling
Fixes #11673
2015-07-25 16:30:11 -04:00
Brian Coca
5be384bab0 Merge pull request #11733 from amenonsen/csvfile
v2 breakage: lookupfile should lookup the given file=xxx
2015-07-25 11:53:22 -04:00
Brian Coca
b19eb0f4dc minor improvements to display 2015-07-25 09:15:33 -04:00
Abhijit Menon-Sen
8737061a8f lookupfile should lookup the given file=xxx
(Earlier it used to lookup the pre-split term.)
2015-07-25 15:38:26 +05:30
James Cammarata
eca88d4253 Merge pull request #11732 from amenonsen/9212-rebase
Forbid copy: content="" with a directory destination
2015-07-25 02:47:19 -04:00
Mario de Frutos
4ed664f4d0 Forbid copy: content="" with a directory destination
Fixes #9107, closes PR #9212
2015-07-25 11:21:14 +05:30
Brian Coca
b9710b4a34 wrapped new system ssh key lookup in case file does not exist 2015-07-24 23:54:13 -04:00
Patrick Michaud
e4df8c3d36 Have paramiko use /etc/ssh_known_hosts
Fixes an issue with a confusing error: "paramiko: The authenticity of host '[host]' can't be established" when ssh on the command line doesn't complain

Closes PR #7730
2015-07-25 09:09:28 +05:30
Brian Coca
0858d97c44 also captures typeerrors for when not getting a proper string in output 2015-07-24 18:43:40 -04:00
Toshio Kuratomi
8ee3b7384d Guard the PROTOCOL setting so that we work on older pythons 2015-07-24 15:07:02 -07:00
Toshio Kuratomi
36382face9 Add a warning about mode being octal 2015-07-24 14:52:21 -07:00
James Cammarata
eccfb7e0b5 Adding initial support for includes in handlers
Fixes #11694
2015-07-24 16:22:02 -04:00
Brian Coca
7215470c6f implemented galaxy list in v2 2015-07-24 16:18:55 -04:00
Will Thames
9abd9a8f57 Make ansible-galaxy work with galaxy.ansible.com
Now works with role files that use Ansible Galaxy roles
Still work to do on making this work with internal roles
2015-07-24 16:04:10 -04:00
Brian Coca
cff77de917 added todo for future of feature 2015-07-24 12:00:38 -04:00
Brian Coca
0089eb8102 reimplemented logging based on log_path var 2015-07-24 12:00:38 -04:00
James Cammarata
ff49c5adac Make sure we're actually looping before looking at 'results' in TaskResult
Fixes #11696
2015-07-24 11:55:22 -04:00
James Cammarata
0fcd53e887 Make sure the command is sudoable before checking for the become password
Fixes #11714
2015-07-24 11:37:26 -04:00
James Cammarata
e526743b4f Allowing args: "{{some_var}}" for task params again
This is unsafe and we debated re-adding it to the v2/2.0 codebase,
however it is a common-enough feature that we will simply mark it
as deprecated for now and remove it at some point in the future.

Fixes #11718
2015-07-24 10:33:12 -04:00