This patch adds some checks on the path that is accessed as a container,
making sure it looks like one. It implements the connection method and
add adaptations to the modern way of writing connections for Ansible.
It also rewords docs and vars to use the nspawn terminology instead of
chroot.
This commit adds a connection driver built on top of systemd-nspawn.
This is similar to the existing `chroot` driver, except that nspawn
offers a variety of additional services. For example, it takes care of
automatically mounting `/proc` and `/sys` inside the chroot environment,
which will make a variety of tools work correctly that would otherwise
fail.
You can take advantage of other system-nspawn features to perform more
complicated tasks. For example, on my x86_64 system I have a Raspberry
Pi disk image mounted on `/rpi`. I can't use `chroot` with this because
the binaries contained in the image are for the wrong architecture.
However, I can use the systemd-nspawn `--bind` option to automatically
insert the appropriate qemu-arm binary into the container using an
inventory file like this:
pi ansible_host=/rpi ansible_nspawn_extra_args='--bind /usr/bin/qemu-arm --bind /lib64'
See http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
for more information about systemd-nspawn itself.
* Add a vault 'encrypt_string' command.
The command will encrypt the string on the command
line and print out the yaml block that can be included
in a playbook.
To be prompted for a string to encrypt:
ansible-vault encrypt_string --prompt
To specify a string on the command line:
ansible-vault encrypt_string "some string to encrypt"
To read a string from stdin to encrypt:
echo "the plaintext to encrypt" | ansible-vault encrypt_string
If a --name or --stdin-name is provided, the output will include that name in yaml key value format:
$ ansible-vault encrypt_string "42" --name "the_answer"
the_answer: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
<vault cipher text here>
plaintext provided via prompt, cli, and/or stdin can be mixed:
$ ansible-vault encrypt_string "42" --name "the_answer" --prompt
Vault password:
Variable name (enter for no name): some_variable
String to encrypt: microfiber
# The encrypted version of variable ("some_variable", the string #1 from the interactive prompt).
some_variable: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
< vault cipher text here>
# The encrypted version of variable ("the_answer", the string #2 from the command line args).
the_answer: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
< vault cipher text here>
Encryption successful
* add stdin and prompting to vault 'encrypt_string'
* add a --name to encrypt_string to optional specify a var name
* prompt for a var name to use with --prompt
* add a --stdin-name for the var name for value read from stdin
* removes unneeded supports_multiplexing var
* refactors terminal_prompts_re to terminal_stdout_re
* refactors terminal_errors_re to terminal_stderr_re
* updates network_cli unit test cases
The network_cli plugin would return immediately if an error was
detected. This patch will force the connection plugin to still try to
detect the current prompt even if an error is found.
Moving it to after the blocks where per-item results are calculated,
as it's not used there and causes quite a performance hit being there.
Fixes#21340
* refactors supports_sessions to a property
* exposes supports_sessions as a toplevel function
* adds open_shell() to network_cli
* implements open_shell() in eos action plugin
* Add NetApp SolidFire volume module
* Make requested changes
* Make requested changes
* Set supports_check_mode to True
* Make requested changes
* Change new_account_id to account_id, 512emulation
* Make requested changes
* Add alias for enable512e
* Move byte_map to utils and add exit message
* Update description for ‘attributes’
* refactor postgres,
* adds a basic unit test module
* first step towards a common utils module
* set postgresql_db doc argument defaults to what the code actually uses
* unit tests that actually test a missing/found psycopg2, no dependency needed
* add doc fragments, use common args, ansible2ify the imports
* update dict
* add AnsibleModule import
* mv AnsibleModule import to correct file
* restore some database utils we need
* rm some more duplicated pg doc fragments
* change ssl_mode from disable to prefer, add update docs
* use LibraryError pattern for import verification
per comments on #21435. basically LibraryError and touching up its usage in pg_db and the tests.
fix failing fail_json call in postgresql_schema
- Bugfix Pull Request
modules/database/postgresql/postgresql_schema
```
2.3.0
```
Here's an example of the error that was coming out. Massaged some linebreaks and backslashes to make it more readable:
"module_stderr": "Traceback (most recent call last):
File "/tmp/ansible_3X05GE/ansible_module_postgresql_schema.py", line 274, in <module>
main()
File "/tmp/ansible_3X05GE/ansible_module_postgresql_schema.py", line 265, in main
module.fail_json(msg="Database query failed: %s" %(text, str(e)))
NameError: global name 'text' is not defined
",
Now it triggers with the correct exception and shows the traceback. This duplication of str(e) and traceback seems to be the best design pattern.
Sample of the new output:
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_gp4v1Q/ansible_module_postgresql_schema.py", line 254, in main
changed = schema_create(cursor, schema, owner)
...
return super(DictCursor, self).execute(query, vars)
ProgrammingError: permission denied for database schemadb
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
...
},
"msg": "Database query failed: permission denied for database schemadb\n"
allows user to force persistent connection to close, needed for when
you want to benefit from changes applied to the current play but persistent connections
prevent them from being realized.
If versioning is not enabled, then `get_bucket_versioning`
can return an empty dict.
If that happens, the code to enable versioning should still
run!
The logic for suspending versioning was also incorrect, so
have updated that too.
Fixes#20491
Introduces `ignore_nonexistent_bucket` option that does not require ListBuckets permission, so less permissioned IAM roles can still be used with this module.
Fixes#20501
This change will now check the cli context after a module runs and if
the cli is still in config mode it will exit config mode. Also fixes a
minor issue with converting list of commands to a dict
fixes#21481
* First set of CNOS network modules
Two modules: cnos_vlan and cnos_command. First 2 of 17 CNOS modules
* Revert "First set of CNOS network modules"
This reverts commit 63da68b2a857e622b449f514050eed25fbcf0a35.
* cnos_vlan module
First of 17 CNOS modules
* Modify playbook for cnos_vlan module testing
* fix issue found by shippable in cnos.py
* cnos_backup module
* Fix Python3.5 compilation error
* remove cnos_backup module from this PR
* add aliases file so that testing of the cnos_vlan module will be skipped.
* Use empty aliases file
* utility scripts under module_utils changed to BSD license.
* clean up PEP8 issues, add cnos_vlan tests
* remove blank lines from yml files
* remove more blank lines
* remove even more blank lines
* Revert "remove even more blank lines"
This reverts commit bb3998661ce387260340bca39d5f146f5ec54f44.
* re-submit last commit
* fix blank lines in this file under parsing
* fix yamllint errors in doc section of cnos_vlan
* Fix errors reported by Sanity check using validate-modules
* change test playbook to include tasks for all modules
* fix additional pep8 errors
* more fixes, plus fix for python3
* fix for empty options section, removed unnecessary documentation
* fix up documentation section
* Correct options capitalization
* fix example section, add options
* Fix example section of the documentation
* Bug Fix for win_lineinfile and updated examples.
- changed $backrefs to a bool so it works with true/false/yes/no. This also fixes idempotency.
- Updated Docs with an example of using backrefs.
* Made suggested updates and converted two more parameters to "bool"
* Updated the Exception message
- Now contains the Windows Exception message as well as a custom message to help point in the right direction of a failed write.
* Updated Exception Handling
- Added Exception checks for Creating and removing the temporary files.
- Changed the ErrorAction on the copy tmpfile and remove tmp file to "Stop" to
cause the exception handler to catch all errors so we can fail gracefully
every time.
* resolve#21056 - Add support for full cloning. Fix some issues. Update doc
* Fix condition and update doc. Fixes#28585
* Using built-in helper for argspec, revert ansible metadata, add more control and remove type in documentation
* PEP8 style compliance
