Commit graph

21033 commits

Author SHA1 Message Date
Brian Coca
5c4a4703d9 only validate extensions when using dir loading
fixes #18223

(cherry picked from commit 32a7b4ce71)
2016-11-03 07:31:32 -07:00
Patrick Uiterwijk
06599f49eb Fix adding the same trusted certificates multiple times (#18296)
If there is an intermittent network failure, we might be trying to reach
an URL multiple times. Without this patch, we would be re-adding the same
certificate to the OpenSSL default context multiple times.
Normally, this is no big issue, as OpenSSL will just silently ignore them,
after registering the error in its own error stack.
However, when python-cryptography initializes, it verifies that the current
error stack of the default OpenSSL context is empty, which it no longer is
due to us adding the certificates multiple times.
This results in cryptography throwing an Unknown OpenSSL Error with details:

OpenSSLErrorWithText(code=185057381L, lib=11, func=124, reason=101,
reason_text='error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table'),

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
(cherry picked from commit 77af3a68de)
2016-11-02 10:41:14 -07:00
Toshio Kuratomi
3a577966ba Add dnf fixes to changelog 2016-11-02 07:43:46 -07:00
Toshio Kuratomi
6824b1ea1e Update submodule refs 2016-11-02 07:42:07 -07:00
Daniel Menet
00bdada50e fix iteritems for python 3
(cherry picked from commit 19fdb58948)
2016-11-01 12:47:46 -07:00
Adrian Likins
32971e8639 Fix 'vault rekey' with vault secret env var
if ANSIBLE_VAULT_PASSWORD_FILE is set, 'ansible-vault rekey myvault.yml'
will fail to prompt for the new vault password file, and will use
None.

Fix is to split out 'ask_vault_passwords' into 'ask_vault_passwords'
and 'ask_new_vault_passwords' to make the logic simpler. And then
make sure new_vault_pass is always set for 'rekey', and if not, then
call ask_new_vault_passwords() to set it.

ask_vault_passwords() would return values for vault_pass and new
vault_pass, and vault cli previously would not prompt for new_vault_pass
if there was a vault_pass set via a vault password file.

Fixes #18247

(cherry picked from commit 309f54b709)
2016-11-01 13:13:10 -04:00
Toshio Kuratomi
70824e06b5 Update submodule refs 2016-11-01 08:04:24 -07:00
Steve Kuznetsov
e13f3e3c07 Change v2_playbook_on_start logic to positively detect legacy plugins
In order to support legacy plugins, the following two method signatures
are allowed for `CallbackBase.v2_playbook_on_start`:

def v2_playbook_on_start(self):
def v2_playbook_on_start(self, playbook):

Previously, the logic to handle this divergence checked to see if the
callback plugin being called supported an argument named `playbook`
in its `v2_playbook_on_start` method. This was fragile in a few ways:
 - if a plugin author did not use the literal `playbook` to name their
   method argument, their plugin would not be called correctly
 - if a plugin author wrapped their `v2_playbook_on_start` method and
   by doing so changed the argspec to no longer expose an argument
   with that literal name, their plugin would not be called correctly

In order to continue to support both types of callback for backwards
compatibility while making the call more robust for plugin authors,
the logic can be reversed in order to have a positive check for the old
method signature instead of a positive check for the new one.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
(cherry picked from commit 0bc35354ce)
2016-11-01 07:53:04 -07:00
jasdeep-hundal
6adbc7d64a Fix OpenSSH-related ssh process exit race
Mitigate the effects of observing the ssh process still running
after seeing an EOF on stdout when using OpenSSH with
ControlPersist, since it does not close the stderr file descriptor
in this case.

(cherry picked from commit 679da00236)
2016-11-01 07:53:04 -07:00
Matt Robinson
325bf617e9 Set ansible_os_family correctly under KDE neon
As neon is derived from Ubuntu, ansible_os_family should have the value
"Debian" instead of "Neon".  Add a test case for KDE neon and set
os_family correctly for it.

(cherry picked from commit 4ff8890ec1)
2016-11-01 07:53:04 -07:00
Michael Riss
2c572ba786 Improved caching for urls
- When there is no file at the destination yet, we have no modification time for the `If-Modified-Since`-Header. In this case trust the cache to make the right decision to either serve a cached version or to refresh from origin. This should help with mass-deployment scenarios where you want to use a local cache to relieve your uplink.
- If you don't trust the cache to make the right decision you can still force it to refresh by providing the `force: yes` option.

(cherry picked from commit c05bad9f74)
2016-11-01 07:53:04 -07:00
Toshio Kuratomi
503537eb25 Update for pip fix 2016-11-01 07:45:36 -07:00
James Cammarata
cdec853e37 New release v2.2.0.0-1 2016-10-31 22:20:38 -05:00
James Cammarata
23812ab87d Updating CHANGELOG for CVEs fixed in 2.2.0 2016-10-31 22:19:37 -05:00
Nathaniel Case
1f80e35312 Exception.message gone in 3.x (#18221)
* Exception.message gone in 3.x
(cherry picked from commit 4a067c3f50)
2016-10-31 11:17:06 -07:00
Toshio Kuratomi
c07f6d1bdd Update submodule refs 2016-10-31 11:11:07 -07:00
Toshio Kuratomi
d559355b29 Add tests for dnf modelled after the yum tests (#18226)
(cherry picked from commit 02859a3e32)
2016-10-31 10:57:11 -07:00
Sijis Aviles
219a20277f Simplify surrogate check in to_text() (#18211)
* Simplify surrogate check in to_text()

* Simplify surrogateescape check even further

(cherry picked from commit b365f44fa1)
2016-10-29 09:12:39 -07:00
Michael Scherer
3de9d8373b Cleanup StringIO import for module_utils/shell.py
(cherry picked from commit 6052c1294b)
2016-10-28 08:01:42 -07:00
James Cammarata
9d4ce0a94e New release v2.2.0.0-0.4.rc4 2016-10-27 13:41:06 -05:00
Toshio Kuratomi
c5d4134f37 Add hint that python3 might be too old
This limitation of python-3.4 mkstemp() is the final reason we made
python-3.5 our minimum version.  Since we know about it, give a nice
error to the user with a hint that Python3.4 could be the issue.

Fixes #18160

(cherry picked from commit fda933723c)
2016-10-27 07:45:34 -07:00
jctanner
95a8bbdbda iterate through task results only if the key is not at the root level (#18214)
Fixes https://github.com/ansible/ansible-modules-core/issues/5396
(cherry picked from commit 5a0621db55)
2016-10-27 09:46:06 -04:00
Rene Moser
1ebc94f290 tasks_queue_manager: fix fork calculation if serial in %
(cherry picked from commit 3763283d01)
2016-10-26 15:27:05 -04:00
Toshio Kuratomi
a2df07ade3 A few fixes for python3
* socket interfaces take bytes so convert text strings to bytes when
  using them.
* Use b64encode() instead of str.encode('base64')

(cherry picked from commit 56086f3b9e)
2016-10-26 11:49:05 -07:00
Foxlik
6b603b026c Fix #10865
Slightly better handling of http headers from http (CONNECT) proxy. Buffers up to 128KiB of headers and raises exception if this size is exceeded.

This could be optimized further, but for the time being it does the trick.
(cherry picked from commit 8bb01d4c29)
2016-10-26 11:48:47 -07:00
Matt Davis
deb1e3ebc7 bump core submodule ref for win_shell/win_command fixes 2016-10-25 17:40:08 -07:00
Matt Davis
79e43925b1 add large interleaved stdout/stderr integration tests for win_shell/win_command
(cherry picked from commit c1b7d2e560)
2016-10-25 17:38:25 -07:00
Matt Davis
0eb23f5a86 fix version check to support >=rc5
(cherry picked from commit d1e1898b0e)
(cherry picked from commit 12a38bc75f)
2016-10-25 17:37:16 -07:00
Matt Davis
066a360a36 backport various docker_common fixes from devel
(cherry picked from commit b5c95ea6fa)
2016-10-25 17:34:56 -07:00
Will
731422a6dc Fix lxd_container module fails if certificate already in trust store
When the client certificate is already stored, lxd returns a JSON error with message "Certificate already in trust store". This "error" will occur on every task run after the initial run. The cert should be in the trust store after the first run and this error message should really only be viewed as informational as it does not indicate a real problem.

Fixes:
ansible/ansible-modules-extras#2750
(cherry picked from commit 1f30bc8a6f)
2016-10-24 20:41:24 -07:00
Toshio Kuratomi
96d3f06743 Add a new potential su prompt
Two parts to this change:
* Add a new string that requests password
* Add a new glyph that can be used to separate the prompt from the
  user's input as it seems it can use fullwidth colon rather than colon.

Fixes #17867

(cherry picked from commit 188ae18b1c)
2016-10-24 16:58:13 -07:00
James Cammarata
eafb4043c9 New release v2.2.0.0-0.3.rc3 2016-10-24 18:39:31 -05:00
Thomas Quinot
35938b907d Filter out internal magic and connection variables from facts returns
Fixes #15925

(cherry picked from commit f826370ab8befacf2e8867ee3d7e2b814a3da385)
2016-10-24 17:27:33 -05:00
Sam Doran
bab1ac1d5c Fish hacking setup fix (#18084)
* Remove old egg-info files before creating new ones

Currently, setup.py generates egg files then they are deleted. This change
fixes this behavior and matches that in env-setup.

* Do not try to move ansible*egg-info to lib/

setup.py creates the ansible.egg-info in lib/ so this step is unnecessary. Matches env-setup behavior.

* Better test for number of arguments in argv

This prevents an erronous error message from being thrown since set -q returns an error code with the number of variables not defined, resulting in a non-zero exit if no arguments are passed.

Indent case statement within switch statement.

(cherry picked from commit cf8639ff62)
2016-10-24 10:35:36 -07:00
Robin Roth
f3fc029726 Change all links in readme to https
Fixes #17954
2016-10-24 09:50:01 -07:00
Rene Moser
e4ebe721f5 handler: notify a handler by name _and_ listen
Before we only allowed either notify by name or listen and name had precedence.

(cherry picked from commit e69d26270f)
2016-10-24 10:59:38 -04:00
Toshio Kuratomi
2fa12438dd Update submodule refs to pick up python3 fix for uri 2016-10-24 07:20:24 -07:00
Toshio Kuratomi
9d82a3aa0c Fix the uri testserver to run on python3
(cherry picked from commit 589e71dbc5)
2016-10-24 06:51:10 -07:00
Adrian Likins
fef9de30d9 test-module _ansible_selinux_special_fs arg added
modules need to have _ansible_selinux_special_fs passed in
as an arg, so add the default to the args.

(cherry picked from commit cf39a1abab)
2016-10-24 09:14:35 -04:00
Matt Davis
5169252641 bump core submodule ref for win async bugfix 2016-10-24 00:04:16 -07:00
Matt Davis
4d5368e93b reenable win_async loop test
(cherry picked from commit 9a78273665)
2016-10-24 00:03:42 -07:00
Toshio Kuratomi
02ed599035 Update submodule refs 2016-10-23 16:55:29 -07:00
Michael Scherer
bf503e4ff2 Fix 18151, by converting float to int
(cherry picked from commit 6a76a9299d)
2016-10-23 14:01:18 -07:00
Michael Scherer
9022862624 Fix some errors in CHANGELOG.md (#18149)
(cherry picked from commit a1032bc44b)
2016-10-23 13:17:53 +02:00
Daniel Yates
6c118252b6 Correctly read use_private_network as boolean
This fixes the use of public IPs in the discovered hosts by
ensuring that the use_private_network check doesn't always evaluate
to False if the associated .ini file specifies this option.

(cherry picked from commit 39e86ae2bc)
2016-10-23 13:17:26 +02:00
Nijin Ashok
e97a00de9e Fix improper handling of machine_type in ovirt inventory (#16251)
Currently the machine_type will not work if the instance type is set in ovirt. In that case, inst.get_instance_type will be an object and will fails while converting to json. This only work if the instance type is not set in ovirt where inst.get_instance_type is a Null value. The current change make sure that correct "instance type" is passed when instance is set in ovirt and Null when it's not set in ovirt.
(cherry picked from commit 1f3d82dd18)
2016-10-23 02:15:22 +02:00
stephane
f5240d2953 Set Suse family for openSUSE Tumbleweed & Leap
On openSUSE Tumbleweed, lsb-release -a currently reports
the distributor ID as "openSUSE Tumbleweed". On openSUSE
Leap, the distributor ID is "SUSE LINUX".

Add them to the OS_FAMILY dict as Suse family systems.

Also add an entry to TESTSETS in test_distribution_version.py
for openSUSE Tumbleweed.

(cherry picked from commit 77868a4104)
2016-10-23 02:05:32 +02:00
Matt Robinson
92c851a894 Make bcrypt + passlib work in password_hash filter
If hashtype for the password_hash filter is 'blowfish' and passlib is
available, hashing fails as the hash function for this is named 'bcrypt'
(and not 'blowfish_crypt').  Special case this so that the correct
function is called.

(cherry picked from commit 692bfa872a)
2016-10-23 01:50:26 +02:00
Toshio Kuratomi
84485c29ee Add changelog for apt_key 2016-10-22 09:06:33 -07:00
Toshio Kuratomi
806fc1ac74 submodule ref update to pull in apt and apt_key fixes 2016-10-22 08:57:30 -07:00