Vilmos Nebehaj
58cccce384
Use PBKDF2HMAC() from cryptography for vault keys.
...
When stretching the key for vault files, use PBKDF2HMAC() from the
cryptography package instead of pycrypto. This will speed up the opening
of vault files by ~10x.
The problem is here in lib/ansible/utils/vault.py:
hash_function = SHA256
# make two keys and one iv
pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()
derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
count=10000, prf=pbkdf2_prf)
`PBKDF2()` calls a Python callback function (`pbkdf2_pr()`) 10000 times.
If one has several vault files, this will cause excessive start times
with `ansible` or `ansible-playbook` (we experience ~15 second startup
times).
Testing the original implementation in 1.9.2 with a vault file:
In [2]: %timeit v.decrypt(encrypted_data)
1 loops, best of 3: 265 ms per loop
Having a recent OpenSSL version and using the vault.py changes in this commit:
In [2]: %timeit v.decrypt(encrypted_data)
10 loops, best of 3: 23.2 ms per loop
2015-07-28 14:51:36 +02:00
James Cammarata
e505a1b7c4
Fix variable precedence integrationt test
2015-07-28 00:51:58 -04:00
Brian Coca
c76a66694f
fixed typo
2015-07-27 22:54:57 -04:00
Brian Coca
d9c63fb273
added openvz to inventory
2015-07-27 22:52:12 -04:00
Brian Coca
80ecab5317
Merge pull request #11761 from amenonsen/9843-rebase
...
Add pciid to LinuxNetwork interface fact
2015-07-27 22:20:04 -04:00
Brian Coca
5f8db9cd4b
changed verbose_override to the new _ansible_verbose_override to keep in line with previous changes
...
output now defaults back to having indent=4
2015-07-27 22:15:44 -04:00
Trapier Marshall
250620f2ab
Add pciid to LinuxNetwork interface fact
...
This commit adds pciid to the LinuxNetwork fact object.
pciid is gathered if the symlink /sys/class/net/*/device exists.
Example [>>>> emphasis <<<<]:
$ readlink /sys/class/net/eth0/device
../../../0000:01:00.0
$ ansible localhost --ask-pass -i /tmp/hosts -m setup -a "filter=ansible_eth0"
SSH password:
localhost | success >> {
"ansible_facts": {
"ansible_eth0": {
"active": false,
"device": "eth0",
"macaddress": "0c:d2:92:5d:6e:8e",
"module": "alx",
"mtu": 1500,
>>>> "pciid": "0000:01:00.0", <<<<
"promisc": true,
"type": "ether"
}
},
"changed": false
}
2015-07-28 07:30:03 +05:30
Brian Coca
8746e692c1
changed check to allow for powerpc
...
fixes #11528
2015-07-27 21:44:17 -04:00
Brian Coca
0c21196633
moved openvz inventory script to new home
2015-07-27 20:53:53 -04:00
Brian Coca
164092a835
optimized module docs
2015-07-27 20:52:53 -04:00
Brian Coca
65c649aa3e
added virt_net to changelog
2015-07-27 20:52:53 -04:00
Brian Coca
772841a0a2
added virt_pool module to changelog
2015-07-27 20:52:53 -04:00
Brian Coca
330aee33c5
Merge pull request #8358 from jordonr/devel
...
Added OpenVZ Inventory python script
2015-07-27 20:50:58 -04:00
Brian Coca
2575e1540a
Merge pull request #11740 from amenonsen/8602-rebase
...
Encrypt the vault file after editing only if the contents changed
2015-07-27 20:45:03 -04:00
Toshio Kuratomi
d2346fd2e2
Python2.4 compat fix
2015-07-27 15:34:51 -07:00
Brian Coca
12e3a2a0c1
Merge pull request #11759 from resmo/fix/doc-changelog
...
changelog: fix typos
2015-07-27 18:02:55 -04:00
Rene Moser
41319dc202
changelog: fix typos
2015-07-28 00:00:14 +02:00
James Cammarata
d6cafff2f9
Additional changes to fix fileglob relative path lookups
2015-07-27 16:35:57 -04:00
Brian Coca
9416fc6271
Merge pull request #8977 from billwanjohi/add_package_classifiers
...
add distutils package classifiers
2015-07-27 15:42:51 -04:00
Brian Coca
010e58ebfa
Merge pull request #9878 from ansible/handle-quoted-comma-dict-param
...
Handle quoting of values in dict parameters
2015-07-27 15:37:27 -04:00
billwanjohi
b2739cec6d
add distutils package classifiers
...
I was particularly interested in the programming language ones,
but the others might be useful to others browsing PyPI.
Now with GPLv3+, and Utilities topic.
2015-07-27 19:33:54 +00:00
Toshio Kuratomi
6a68be4e28
Handle quoting of values in dict parameters
2015-07-27 12:31:05 -07:00
James Cammarata
cb262449c7
Reworking internal result flags and making sure include_vars hides vault data
...
Fixes #10194
2015-07-27 14:04:31 -04:00
James Cammarata
eebf437d87
Submodule pointer update
2015-07-27 12:51:58 -04:00
Brian Coca
b2b19a1dc4
Merge pull request #11751 from amenonsen/playwithoutbook
...
A better error message for «ansible playbook.yml»
2015-07-27 12:42:56 -04:00
James Cammarata
7d8afad28c
Merge pull request #11750 from amenonsen/example-prompt
...
Fix incorrect example of vars_prompt
2015-07-27 10:44:51 -04:00
James Cammarata
49a6601856
Further cleanup of internal use of ansible_ssh_host
2015-07-27 10:42:39 -04:00
James Cammarata
ee835ff7ad
Add a base-level get_basedir method for lookup plugins and fix relative lookups
...
Fixes #11746
2015-07-27 10:41:28 -04:00
Abhijit Menon-Sen
65d62090c2
A better error message for «ansible playbook.yml»
...
This is a very conservative change: we add the hint only if we're
definitely going to die already.
2015-07-27 12:43:21 +05:30
James Cammarata
3a4dd523d3
Fix bug where we calculated the relative path of recurisive copies wrong
...
Fixes #11470
2015-07-27 02:29:38 -04:00
Abhijit Menon-Sen
bb12121225
Fix incorrect example of vars_prompt
2015-07-27 11:08:39 +05:30
James Cammarata
a1a8997e89
Merge pull request #11663 from whereismyjetpack/fix_ansible_ssh_host
...
only set ansible_ssh_host if not already set
2015-07-26 23:46:21 -04:00
Brian Coca
a56ff7ae54
now it really is oneline
2015-07-26 23:14:07 -04:00
Brian Coca
5d1d9f1505
fixed diff output to be as it was in 1.x, copy and template now use the same
...
functions to do difs.
2015-07-26 22:29:56 -04:00
James Cammarata
c56a304ad9
Merge pull request #9195 from reedloden/add-dns-facts
...
Add several DNS-related facts by parsing /etc/resolv.conf
2015-07-26 14:59:55 -04:00
James Cammarata
ccb7fb3b4c
Submodule pointer update
2015-07-26 14:41:49 -04:00
James Cammarata
034c766439
Fixing logic in template.py to not assume 'changed' is in the result
2015-07-26 13:57:25 -04:00
James Cammarata
a78ed39f93
Merge pull request #11743 from renard/regex_escape-filter
...
Regex escape filter
2015-07-26 13:52:01 -04:00
James Cammarata
db4b3544d7
Fix syntax error in action plugin template.py
2015-07-26 13:49:27 -04:00
Reed Loden
eb1fb41576
Add several DNS-related facts by parsing /etc/resolv.conf
...
Facts include nameservers, domain, search path, sortlist, and options.
2015-07-26 10:46:59 -07:00
Sébastien Gross
c0b7fcd304
Add documentation for regex_escape filter
2015-07-26 19:08:34 +02:00
Sébastien Gross
36534668f0
Change name from re_escape to regex_escape to fit existing function names.
2015-07-26 19:03:56 +02:00
Sébastien Gross
c1e4085251
Add regular expression escaping filter.
2015-07-26 19:03:27 +02:00
Brian Coca
0b6fadaad7
started implementing diff
...
diff now works with template
also fixed check mode for template and copy
2015-07-26 12:22:22 -04:00
James Cammarata
d11e07a0e5
Merge pull request #11738 from amenonsen/7485-rebase
...
Have ec2.py expand tilde and vars when looking up the EC2_INI_PATH env variable
2015-07-26 11:11:02 -04:00
Pablo Figue
f8bf2ba1bd
Encrypt the vault file after editing only if the contents changed
2015-07-26 14:41:34 +05:30
Andrew Hamilton
7f45c9edf7
Have ec2.py expand tilde and vars when looking up the EC2_INI_PATH env variable
2015-07-26 12:57:56 +05:30
James Cammarata
73aa5686cc
Remove octal escapes from unicode escape handling
...
Fixes #11673
2015-07-25 16:30:11 -04:00
Brian Coca
5be384bab0
Merge pull request #11733 from amenonsen/csvfile
...
v2 breakage: lookupfile should lookup the given file=xxx
2015-07-25 11:53:22 -04:00
Brian Coca
6c1f4ddf7e
Merge pull request #11736 from mscherer/fix_9971
...
Add more explicit documentation on ansible_nodename and ansible_hostname
2015-07-25 11:43:25 -04:00