This is an implementation of 8bffcf8e50
that was done in the PR https://github.com/ansible/ansible/pull/48082 to devel.
The changes have been manually brought across to the the stable-2.7 branch as it
cannot be cleanly cherry picked due to the substantial differences in become
between these versions.
Currently we impersonate the `SYSTEM` token in order to elevate our become
process with the highest privileges it has available but there are some edge
cases where the first `SYSTEM` token we come across doesn't have the
`SeTcbPrivilege` which is required for the above. This PR adds a further check
in the search for a `SYSTEM` token to make sure it has the `SeTcbPrivilege`
before continuing.
Fixes: #51534
* set valid_until equal to current time + spot_wait_timeout
* add setting ValidUntil to value
* add changelog fragment
* fix shebang issue
(cherry picked from commit d40f0313e2)
* [stable-2.7] ios retry config if section filter fails (#49485)
* Attempt to work around devices that don't understand | section
* Fix case of no flags
(cherry picked from commit 6caed0c)
Co-authored-by: Nathaniel Case <this.is@nathanielca.se>
* Add changelog
* aws_ec2 Implement the missing 'region discovery' (#51333)
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* Allow default regions list to use flexible credential types
* remove default from delegate_facts to inherit (#45492)
* remove default from delegate_facts to inherit
fixes#45456
* test delegate_facts
* added note about inheritance and defaults
* yamllint
(cherry picked from commit 8743e6ae2e)
* added changelog
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
(cherry picked from commit 240d1a6afb)
* Always check envvars when auth parameter is not provided
This will make it so that all code using the get_api_client
method will make use of the environment variables, instead of
silently ignoring them if default values haven't been set. This
affects at least the k8s lookup plugin.
* Add changelog
(cherry picked from commit 0be66113d4)
* description updated to mention valid value
The only valid value for userns_mode on docker run command is "host". This should be mentioned in description because it is hard to find in docker documentation as well: https://github.com/docker/docker.github.io/issues/7071
(cherry picked from commit d9135f3960)
* Update lib/ansible/modules/cloud/docker/docker_container.py
Co-Authored-By: TimoKramer <4785848+TimoKramer@users.noreply.github.com>
(cherry picked from commit 27dc399885)
* If network cliconf support `supports_generate_diff` in
that case diff between running and cnadidate config
is generated within Ansible and if check_mode is enabled
in that case return only diff without actually invoking
edit_config()
(cherry picked from commit 8f5cd049d6)
* Docs: Add a separate "seealso" section to the module docs
to list related modules and/or related references. This clears up the notes
section for things that are actual notes.
So you can add a section in your module documentation and four types of
references are possible.
seealso:
# Reference by module name
- module: aci_tenant
# Reference by module name, including description
- module: aci_tenant
description: ACI module to create tenants on a Cisco ACI fabric.
# Reference by rST documentation anchor
- ref: aci_guide
description: Detailed information on how to manage your ACI infrastructure using Ansible.
# Reference by Internet resource
- name: APIC Management Information Model reference
description: Complete reference of the APIC object model.
link: https://developer.cisco.com/docs/apic-mim-ref/
This PR also includes:
- Implements ansible-doc support
- Implements schema support for the seealso options
- Updates to the development documentation
- Rename filter convert_symbols_to_format to rst_ify, cfr the existing html_ify and tty_ify filters
- This makes the existing template a lot easier to read and fixes the confusion I had myself rereading the template (again).
- We fixed the possible suboption types (which was limited to 'bool' only)
* Use latest stable instead of devel docs
(cherry picked from commit baf0ad2309)
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>.
(cherry picked from commit 9d4c0dc111)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Signed-off-by: Sam Doran <sdoran@redhat.com>
* file - allow touch on files not owned by user
* use Sentinal value and preserved existing args
* Do no instantiate the Sentinel object
(cherry picked from commit 419727a6da)
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
(cherry picked from commit 37960ccc87)
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
(cherry picked from commit eca7c3c8c7)
* [docker_container] Failing on non-string env values (#49843)
* [docker_container] Failing on non-string env values
Fixes#49802
* Clarify failure message
Co-Authored-By: DBendit <David@ibendit.com>
* Fixup from review
(cherry picked from commit d62d7176b0)
* Turn fail into warning for 2.7 backport.
* Fix test for backport
The behaviour in the backport is to warn rather than error
* Describe labels and container_labels correctly
* Clarify reserve_memory and limit_memory docs
* Remove default from container_labels doc
* Remove trailing whitespace
* Document min api version for configs and secrets
* Add changelog fragment
* Specify type on labels and container_labels
* Consolidate required API version descriptions
* Update reserve and limit memory docs
* Use correct power-of-two units
* Remove description about limit_memory minimum 4mb
(cherry picked from commit 644057e9ec)
* fixes issue 50296
* fixes the indentation of the return statement
* Adds a conditional test into `_find_systems_resource()` to check the existence
of the Members of System resource
* updates the error message
* harden the conditional test
* Add a changelog
(cherry picked from commit 94a1d86d70)
