Commit graph

8075 commits

Author SHA1 Message Date
Toshio Kuratomi
1ff92e28f9 Update submodule refs to get accurate archive doc 2016-11-02 12:54:26 -07:00
Patrick Uiterwijk
77af3a68de Fix adding the same trusted certificates multiple times (#18296)
If there is an intermittent network failure, we might be trying to reach
an URL multiple times. Without this patch, we would be re-adding the same
certificate to the OpenSSL default context multiple times.
Normally, this is no big issue, as OpenSSL will just silently ignore them,
after registering the error in its own error stack.
However, when python-cryptography initializes, it verifies that the current
error stack of the default OpenSSL context is empty, which it no longer is
due to us adding the certificates multiple times.
This results in cryptography throwing an Unknown OpenSSL Error with details:

OpenSSLErrorWithText(code=185057381L, lib=11, func=124, reason=101,
reason_text='error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table'),

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-02 10:40:48 -07:00
Matt Clay
275d5f85ec Update submodule refs. 2016-11-02 09:59:10 -07:00
Samuel Boucher
911a602c79 Update syslog_json.py
Add SYSLOG_FACILITY environment variable to set syslog facility
2016-11-02 10:02:56 -04:00
Daniel
b7e6ace4ee Add timeout option for nxapi (#18074)
* Changes to be committed:
	modified:   lib/ansible/module_utils/nxos.py
    - added configurable timeout to module paramaters
	modified:   lib/ansible/utils/module_docs_fragments/nxos.py
    - added documentation for timeout

* Changes to be committed:
    modified:   ansible/module_utils/nxos.py
    - added timeout option for nxapi transport and added documentation
    - option works with CLI or NXAPI transport

*  Changes to be committed:
	modified:   lib/ansible/utils/module_docs_fragments/nxos.py
    - Changed per comments in PR 18074

*  Changes to be committed:
	modified:   lib/ansible/module_utils/nxos.py
    - added try/except block to test for timeout

* Changes to be committed:
modified:   lib/ansible/module_utils/nxos.py
 - tweaked timeout
2016-11-02 13:32:19 +00:00
jctanner
333f6d447b aix network facts: Separate out the uname call to reduce total calls (#18288)
* aix network facts: Separate out the uname call to reduce total calls
* Remove duplicate check

Fixes #11289
2016-11-01 19:34:26 -04:00
Jasper Lievisse Adriaanse
88970bcfb2 Implement basic DMI facts for OpenBSD 2016-11-01 13:50:02 -04:00
Adrian Likins
309f54b709 Fix 'vault rekey' with vault secret env var
if ANSIBLE_VAULT_PASSWORD_FILE is set, 'ansible-vault rekey myvault.yml'
will fail to prompt for the new vault password file, and will use
None.

Fix is to split out 'ask_vault_passwords' into 'ask_vault_passwords'
and 'ask_new_vault_passwords' to make the logic simpler. And then
make sure new_vault_pass is always set for 'rekey', and if not, then
call ask_new_vault_passwords() to set it.

ask_vault_passwords() would return values for vault_pass and new
vault_pass, and vault cli previously would not prompt for new_vault_pass
if there was a vault_pass set via a vault password file.

Fixes #18247
2016-11-01 13:07:48 -04:00
Toshio Kuratomi
557f46658c Update submodule refs 2016-11-01 09:39:32 -07:00
Daniel Menet
19fdb58948 fix iteritems for python 3 2016-11-01 09:38:03 -07:00
Michael Scherer
4c85a1fa05 Refactor code for VirtualFacts (#18122)
The populate method is cut and paste on every subclass,
so we should push it up, and add a default method that is overloaded
2016-11-01 10:07:50 -04:00
Brian Coca
d4ac0bdea9 display fixes
banner now adjusts to screen as does output
output now keeps at least one space to end of screen to allow for better reading.
2016-11-01 09:51:20 -04:00
Matt Clay
b42e42343c Update submodule refs. 2016-10-31 21:25:07 -07:00
jctanner
b494d55bde Cast input role version to string before comparing to available versions (#18269)
* Cast input role version to string before comparing to avaialble versions

Fixes #10262
2016-10-31 21:07:38 -04:00
Matt Clay
e753860cb2 Update submodule refs. 2016-10-31 17:16:53 -07:00
Matt Martz
cb1e3dab0d Add 'type' filter for display the underlying python type of a variable (#18242)
* Add 'type' filter for display the underlying python type of a variable

* Update playbooks_filters.rst

Minor copyedit.
2016-10-31 13:36:24 -07:00
James Tanner
6d9771bbf8 Move the check for playbook files above the password prompting.
Fixes #9904
2016-10-31 12:44:53 -04:00
Toshio Kuratomi
d7207b3910 Update submodule refs 2016-10-31 09:26:23 -07:00
René Moser
44bdc6fb79 cloudstack: implement diff support (#18254) 2016-10-30 17:05:24 +01:00
René Moser
01af859090 cloudstack: add support for defining some args as ENV vars (#17946)
These ENV vars are:
  - CLOUDSTACK_ZONE
  - CLOUDSTACK_DOMAIN
  - CLOUDSTACK_ACCOUNT
  - CLOUDSTACK_PROJECT

help to DRY on every task, args still have precedence.
2016-10-30 12:24:03 +01:00
Matt Clay
37580c7d70 Update submodule refs. 2016-10-29 23:28:23 -07:00
Sijis Aviles
b365f44fa1 Simplify surrogate check in to_text() (#18211)
* Simplify surrogate check in to_text()

* Simplify surrogateescape check even further
2016-10-29 09:12:02 -07:00
Nathaniel Case
4a067c3f50 Exception.message gone in 3.x (#18221)
* Exception.message gone in 3.x
2016-10-28 13:48:16 -04:00
Steve Kuznetsov
0bc35354ce Change v2_playbook_on_start logic to positively detect legacy plugins
In order to support legacy plugins, the following two method signatures
are allowed for `CallbackBase.v2_playbook_on_start`:

def v2_playbook_on_start(self):
def v2_playbook_on_start(self, playbook):

Previously, the logic to handle this divergence checked to see if the
callback plugin being called supported an argument named `playbook`
in its `v2_playbook_on_start` method. This was fragile in a few ways:
 - if a plugin author did not use the literal `playbook` to name their
   method argument, their plugin would not be called correctly
 - if a plugin author wrapped their `v2_playbook_on_start` method and
   by doing so changed the argspec to no longer expose an argument
   with that literal name, their plugin would not be called correctly

In order to continue to support both types of callback for backwards
compatibility while making the call more robust for plugin authors,
the logic can be reversed in order to have a positive check for the old
method signature instead of a positive check for the new one.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2016-10-28 10:05:58 -07:00
Matt Davis
916fc25088 bump submodule refs 2016-10-28 09:45:13 -07:00
Michael Scherer
6052c1294b Cleanup StringIO import for module_utils/shell.py 2016-10-28 08:00:57 -07:00
Toshio Kuratomi
4c06ddced6 Update submodule refs 2016-10-28 07:46:43 -07:00
Chris Houseknecht
dceb2a0393 Remove extra display statements and add docs (#18229)
* Add docs for ansible-galaxy import --role-name option.

* Add docs for ansible-galaxy init --container-enabled option.
2016-10-28 00:38:39 -04:00
Monty Taylor
bd9ca5ef28 Allow setting alternate_role_name for galaxy CLI (#17418)
When using the ansible-galaxy CLI to import roles, it's not possible to
specify an alternate_role_name, even though the REST API seems to allow
such a thing (at least on investigation of the interactions the web app
makes) That makes importing things like:
openstack/openstack-ansible-os_cloudkitty wind up with roles named
"openstack-ansible-os_cloudkitty" instead of "os_cloudkitty".

Also, the web ui is smart and imports
"openstack-infra/ansible-role-puppet" as openstack-infra.puppet ... but
the CLI imports it as openstack-infra.ansible-role-puppet. Add that
filtering as well.

Issue ansible/galaxy-issues:#185
2016-10-27 22:34:59 -04:00
Chris Houseknecht
d60bc492b6 Add --container-enabled option to ansible-galaxy init command. (#18157) 2016-10-27 22:16:22 -04:00
jasdeep-hundal
679da00236 Fix OpenSSH-related ssh process exit race
Mitigate the effects of observing the ssh process still running
after seeing an EOF on stdout when using OpenSSH with
ControlPersist, since it does not close the stderr file descriptor
in this case.
2016-10-27 15:47:24 -07:00
Matt Robinson
4ff8890ec1 Set ansible_os_family correctly under KDE neon
As neon is derived from Ubuntu, ansible_os_family should have the value
"Debian" instead of "Neon".  Add a test case for KDE neon and set
os_family correctly for it.
2016-10-27 20:28:38 +01:00
Andrew Gaffney
e6d9a45cd0 Fix service_mgr detection for OpenWrt 2016-10-27 14:09:26 -04:00
Toshio Kuratomi
fda933723c Add hint that python3 might be too old
This limitation of python-3.4 mkstemp() is the final reason we made
python-3.5 our minimum version.  Since we know about it, give a nice
error to the user with a hint that Python3.4 could be the issue.

Fixes #18160
2016-10-27 07:45:14 -07:00
jctanner
5a0621db55 iterate through task results only if the key is not at the root level (#18214)
Fixes https://github.com/ansible/ansible-modules-core/issues/5396
2016-10-27 09:43:49 -04:00
Brian Coca
680cade77a simplified the code by removing repeats
(cherry picked from commit 84380b0ee4029212fc1637c008e07bb9958305c3)
2016-10-26 20:49:55 -04:00
Rene Moser
3763283d01 tasks_queue_manager: fix fork calculation if serial in % 2016-10-26 15:21:31 -04:00
Toshio Kuratomi
56086f3b9e A few fixes for python3
* socket interfaces take bytes so convert text strings to bytes when
  using them.
* Use b64encode() instead of str.encode('base64')
2016-10-26 11:47:40 -07:00
Matt Davis
f8482e335c bump core submodule ref for win_shell/win_command fix 2016-10-25 17:22:18 -07:00
John R Barker
525b672c0c Docs fragment for common a10 options (#18163) 2016-10-25 16:03:25 +01:00
jctanner
5502da3cf8 copy: Use the local file's mode for the argument if not explicitly given. (#17780)
* Use the local file's mode to for the argument if not explicitly given.

Fixes https://github.com/ansible/ansible-modules-core/issues/1124

* Fix octal mode for py3

* Implement preserve instead of null

* Remove duplicate line

* Update comment

* Use stat module per toshia's suggestion
2016-10-24 23:57:50 -04:00
Will
1f30bc8a6f Fix lxd_container module fails if certificate already in trust store
When the client certificate is already stored, lxd returns a JSON error with message "Certificate already in trust store". This "error" will occur on every task run after the initial run. The cert should be in the trust store after the first run and this error message should really only be viewed as informational as it does not indicate a real problem.

Fixes:
ansible/ansible-modules-extras#2750
2016-10-24 20:40:04 -07:00
Matt Davis
d1e1898b0e fix version check to support >=rc5 2016-10-24 20:01:41 -07:00
Foxlik
8bb01d4c29 Fix #10865
Slightly better handling of http headers from http (CONNECT) proxy. Buffers up to 128KiB of headers and raises exception if this size is exceeded.

This could be optimized further, but for the time being it does the trick.
2016-10-24 18:18:38 -07:00
Toshio Kuratomi
188ae18b1c Add a new potential su prompt
Two parts to this change:
* Add a new string that requests password
* Add a new glyph that can be used to separate the prompt from the
  user's input as it seems it can use fullwidth colon rather than colon.

Fixes #17867
2016-10-24 16:55:54 -07:00
Thomas Quinot
236c923c25 Filter out internal magic and connection variables from facts returns
Fixes #15925
2016-10-24 17:27:43 -05:00
Michael Riss
c05bad9f74 Improved caching for urls
- When there is no file at the destination yet, we have no modification time for the `If-Modified-Since`-Header. In this case trust the cache to make the right decision to either serve a cached version or to refresh from origin. This should help with mass-deployment scenarios where you want to use a local cache to relieve your uplink.
- If you don't trust the cache to make the right decision you can still force it to refresh by providing the `force: yes` option.
2016-10-24 16:13:38 -04:00
Rene Moser
e69d26270f handler: notify a handler by name _and_ listen
Before we only allowed either notify by name or listen and name had precedence.
2016-10-24 10:59:05 -04:00
Toshio Kuratomi
ce4330d986 Update submodule refs 2016-10-24 07:21:29 -07:00
Michael Scherer
6885797b03 Add support for getting network facts on GNU Hurd
Since ifconfig/ip are not present on the system, and there is no /proc
to be parsed, the only way to get information is by looking at the
argument of the pfinet translator, the process in charge of network.

In turn, this is done with fsysopts on the appropriate path, who return
something like this:

    # fsysopts -L /servers/socket/inet
    /hurd/pfinet --interface=/dev/eth0 --address=192.168.122.130
    --netmask=255.255.255.0 --gateway=192.168.122.1 --address6=fe80::5254:12:ced/10
    --address6=fe80::5054:ff:fe12:ced/10 --gateway6=::

So to get the IP addresses, one has to parse that string and fill the appropriate
structure.

More information on the system and on limitation can be found on
- https://www.gnu.org/software/hurd/hurd/translator/pfinet.html
- https://www.gnu.org/software/hurd/hurd/translator/pfinet/implementation.html
- https://www.debian.org/ports/hurd/hurd-install
2016-10-24 09:45:22 -04:00