cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
26353 commits 47 branches 390 tags 440 MiB
Commit graph

12968 commits

Author SHA1 Message Date
Evgeni Golov
1847f19e41 don't create world-readable archives of LXC containers 
with the default umask tar will create a world-readable archive of the

container, which may contain sensitive data

Signed-off-by: Evgeni Golov <evgeni@golov.de>
 2016-12-08 11:34:03 -05:00
Michael Scherer
3b79c1621b Prevent password leaks in notification/irc 2016-12-08 11:34:03 -05:00
Michael Scherer
67b2623e92 Use no_log=True for campfire module to avoid leaks 2016-12-08 11:34:03 -05:00
Michael Scherer
f2bf444395 Set no log for jabber.py password 2016-12-08 11:34:03 -05:00
Evgeni Golov
16b2d85d34 do not use a predictable filenames in the LXC plugin 
* do not use a predictable filename for the LXC attach script

* don't use predictable filenames for LXC attach script logging

* don't set a predictable archive_path

this should prevent symlink attacks which could result in

* data corruption

* data leakage

* privilege escalation
 2016-12-08 11:34:03 -05:00
Michael Scherer
f47a756c46 Add proper type to cpanm arguments 
from_path, locallib, executable should be path to benefits
from path expansion for ~user.
 2016-12-08 11:34:03 -05:00
Chulki Lee
432a9a31ca osx_defaults: fix datetime 
Fix #1742
 2016-12-08 11:34:02 -05:00
Matt Martz
c8bd27f1e8 Rebase PRs against $TRAVIS_BRANCH before performing tests 2016-12-08 11:34:02 -05:00
mo@oclab.net
20fd04b9e7 firewalld: fixes documentation 
- removes warning, aligning to existing documentation
- adds version
 2016-12-08 11:34:02 -05:00
mo@oclab.net
8b2d484032 firewalld: add/remove interfaces to/from zones 2016-12-08 11:34:02 -05:00
David Hocky
aabd6390d4 fix dscp marking documentation in iptables module 2016-12-08 11:34:02 -05:00
Evgeni Golov
88d8820f1b explicitly set "default: null" in the docs 2016-12-08 11:34:02 -05:00
Evgeni Golov
e1846d2e4b do not set a default config for lxc containers 
otherwise deploying user-containers fail as these require information
from ~/.config/lxc/default.conf that the LXC tools will load if no
--config was supplied

Signed-off-by: Evgeni Golov <evgeni@golov.de>
 2016-12-08 11:34:02 -05:00
Chris Porter
2b8b04638d fix security vulnerability in lxc module 
octal/decimal confusion makes file world-writable before executing it
 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
e3d8facc7f fixxed tests 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
c82d72e12a fixed problems related to userpricincipalname (user@domain) and undefined variables fixed variable capitalization 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
186197397c fixxed problem with match @ 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
9ba30d2cea only call set-acl if necessary 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
700ca56c61 as suggested by @marcind, convert to boolean 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
404483ea83 fixed documentation 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
de4a271dd0 added userprincipal support 2016-12-08 11:34:02 -05:00
Hans-Joachim Kliemeck
65d5658553 added separate module to change owner, since win_acl is ACL only and should not be more complex 2016-12-08 11:34:02 -05:00
Marcos Diez
1aec0a3ffb mongodb_user.py: changes on comments 2016-12-08 11:34:01 -05:00
Marcos Diez
37ba9a3fe1 mongodb_user: fix checking if the roles of an oplog reader user changed 2016-12-08 11:34:01 -05:00
Guillaume Dufour
dc83f2c6d7 use python fallback to avoid error on old mongo version without roles 2016-12-08 11:34:01 -05:00
Guillaume Dufour
467d9a8090 avoid problem with old mongo version without roles 2016-12-08 11:34:01 -05:00
Guillaume Dufour
b07e1c13f7 fix #1731 : mongodb_user always says changed 2016-12-08 11:34:01 -05:00
John Barker
d20b7ee6e6 restore version_added in dynamodb_table.py 2016-12-08 11:34:01 -05:00
Matt Hite
846a538648 Allow port 0 as a valid pool member port 2016-12-08 11:34:01 -05:00
Jason Witkowski
48931065e5 The current module supporting F5 BIGIP pool creation does not support a setup where the port number must be zero to signify the pool will listen on multiple ports. This change implements that functionality and fixes an illogical conditional. 2016-12-08 11:34:01 -05:00
Michael Scherer
a21ab5b990 Use type='path' for reposdir, since that's a path 2016-12-08 11:34:01 -05:00
Rene Moser
051b11b983 openstack: doc: add return doc, fixes build 2016-12-08 11:34:01 -05:00
Paul Seiffert
48223fd268 Allow Datadog metric alerts to define multiple thresholds 2016-12-08 11:34:01 -05:00
David Shrewsbury
33d3616bab Add OpenStack os_user_role module 2016-12-08 11:34:01 -05:00
Michael Scherer
dc94ce72c7 Use boolean instead of "yes" + choice for most option 
This enable a more standard behavior with others modules
 2016-12-08 11:34:01 -05:00
Michael Scherer
2a0c9bb3a2 Use type 'path' for rootdir, for pkgng 2016-12-08 11:34:01 -05:00
Michael Gruener
bdeb5af740 cloudflare_dns: Cosmetic cleanup 2016-12-08 11:34:01 -05:00
Michael Gruener
90503c9f2a cloudflare_dns: normalize return value and docs 2016-12-08 11:34:00 -05:00
Michael Gruener
95f270089b cloudflare_dns: Cleanup record update handling 2016-12-08 11:34:00 -05:00
Michael Gruener
78640328cb cloudflare_dns: Allow CNAME content updates 2016-12-08 11:34:00 -05:00
Michael Gruener
41ed47d66e cloudflare_dns: Fix solo SRV record creation 2016-12-08 11:34:00 -05:00
Michael Gruener
85d41db922 cloudflare_dns: Fix SRV record idempotency 2016-12-08 11:34:00 -05:00
Pavel Sychev
594c9ff217 Added version restriction for uid_owner and reject_with. 2016-12-08 11:34:00 -05:00
Pavel Sychev
0c888bd19f Added docs for reject_with and uid_owner. 2016-12-08 11:34:00 -05:00
Pavel Sychev
30bd75e3ae Added reject_with and uid_owner support. 2016-12-08 11:34:00 -05:00
Julien Recurt
5d68e4fe06 Add option to use ZabbixApi via auth basic protection 2016-12-08 11:34:00 -05:00
Linus Unnebäck
5f9d5c1403 make: move down ansible import 2016-12-08 11:34:00 -05:00
Linus Unnebäck
e79e024016 make: add empty return docs 2016-12-08 11:34:00 -05:00
Linus Unnebäck
d605860b39 module: system/make 2016-12-08 11:34:00 -05:00
Tyler Cross
c84bd72496 Add note server 2012 note to win_scheduled_task. 
This change adds a note to the win_scheduled_task module
docs that indicates Windows Server 2012 or later is required.
This is because the module relies on the Get-ScheduledTask
cmdlet, which is a part of the Server 2012 OS. Previous
versions, like Server 2008, simply can't work with this
module.
 2016-12-08 11:34:00 -05:00
Brian Coca
0ebabc50e4 change name to be a list type 
remove implicit split that expects a , separated string, let list type
deal with multiple possible compatible input types.
also removed unused imports
 2016-12-08 11:34:00 -05:00
David Shrewsbury
2dddfbe67c Add shade version check to os_flavor_facts 
The range_search() API was added to the shade library in version
1.5.0 so let's check for that and let the user know they need to
upgrade if they try to use it.
 2016-12-08 11:34:00 -05:00
Chris Tooley
b2c7d28f41 Modify consul certificate validation bypass keyword from 'verify' to 'validate_certs' 2016-12-08 11:34:00 -05:00
Chris Tooley
ca1efafc50 Add version_added to documentation 2016-12-08 11:33:59 -05:00
Chris Tooley
6c41d9cd38 Add https support for consul clustering modules 2016-12-08 11:33:59 -05:00
Brian Coca
41af347d8d renamed sl to sl_vm and updated docs 
namespace for softlayer modules should now be sl_
 2016-12-08 11:33:59 -05:00
Matt Colton
8f444b8c4b Added Softlayer Module 2016-12-08 11:33:59 -05:00
Dag Wieers
67222d9b5b Update the issue and pull-request templates in sync with ansible/ansible 2016-12-08 11:33:59 -05:00
Julia Kreger
011267c04e Add os_ironic_inspect module 
Addition of an os_ironic_inspect module to leverage the OpenStack
Baremetal inspector add-on to ironic or ironic driver out-of-band
hardware introspection, if supported and configured.
 2016-12-08 11:33:59 -05:00
James Slagle
b7ef068d3e Add quotes and equals for set option documentation 
set is an option for the openvswitch_port module, however the documentation
example omitted the equals sign and quotes around the option value.
 2016-12-08 11:33:59 -05:00
Matthew Gamble
b58eaca7e8 Remove dead code from pacman module 
The manual check to see if get_bin_path() returned anything is
redundant, because we pass True to the required parameter of
get_bin_path(). This automatically causes the task to fail if the pacman
binary isn't available. Therefore, the code within the if statement
being removed is never called.
 2016-12-08 11:33:59 -05:00
Guillaume Dufour
8227105f02 fix #1747 mongodb_user support check mode 2016-12-08 11:33:59 -05:00
Ricardo Carrillo Cruz
ba3515bc30 Allow passing domain name on os_project 2016-12-08 11:33:59 -05:00
Rene Moser
7a28ad63f7 dynamodb_table: doc fix 2016-12-08 11:33:59 -05:00
Matt Ferrante
99c8e82b60 dynamo db indexes 2016-12-08 11:33:59 -05:00
Michael Scherer
eefd716e8c Add better type checking for elasticsearch_plugin 2016-12-08 11:33:59 -05:00
Michael Scherer
4c63a958e5 Use no_log for the password for maven_artifact module 2016-12-08 11:33:59 -05:00
Michael Scherer
9f90c2355f Add the proper type for the various path argument 2016-12-08 11:33:59 -05:00
Casey Lucas
4cd9933388 fix edge case where boto returns empty list after subnet creation 2016-12-08 11:33:59 -05:00
Michael Gruener
1d0ae2f4ed cloudflare_dns: Fix wrong variable name 2016-12-08 11:33:58 -05:00
Emilien Macchi
1c94395a96 system/puppet: allow to run puppet -e 
-e or --execute [1] allows to execute a specific piece of Puppet code
such a class.

For example, in puppet you would run:
puppet apply -e 'include ::mymodule'

Will be in ansible:
puppet: execute='include ::mymodule'

[1] http://docs.puppetlabs.com/puppet/latest/reference/man/apply.html#OPTIONS
 2016-12-08 11:33:58 -05:00
Andrea Scarpino
45a32137ad win_unzip: Use absolute path for src and dest 
win_unzip fails to extract files when either src or dest contains
complex paths such as "..\..\" or "C:\\Program Files" (double slashes).
Fix this by fetching absolute path of both before invoking CopyHere
method.
 2016-12-08 11:33:58 -05:00
jhawkesworth@users.noreply.github.com
d2fe2287f9 Added return documentation to win_regmerge module 2016-12-08 11:33:58 -05:00
Michael Scherer
184d9fc4e5 Fix type used by the module 
Set int for the various port (and so avoid to convert them later)
Set no_log=True for the login_password
Verify that db is a int, so avoid a conversion
 2016-12-08 11:33:58 -05:00
Michael Scherer
8abe22c917 Fix ssl to be a bool, required to fix #1732 
May also fix #1869
 2016-12-08 11:33:58 -05:00
Michael Scherer
1a05e0f1c8 Use proper type for riak config_dir argument 2016-12-08 11:33:58 -05:00
Michael Scherer
49aa069c94 Add proper type to path and link 
Since both of them are path, it should be checked using the
proper type.
 2016-12-08 11:33:58 -05:00
Michael Scherer
2760c2ded0 Reindent with_items, fix #1849 2016-12-08 11:33:58 -05:00
Dennis Conrad
0254cbad9a Fix for existing ENIs w/ multiple security groups 
Do a sorted comparison of the list of security groups supplied via `module.params.get('security_groups')` and the list of security groups fetched via `get_sec_group_list(eni.groups)`.  This fixes an incorrect "The specified address is already in use" error if the order of security groups in those lists differ.
 2016-12-08 11:33:58 -05:00
Andrea Scarpino
f56c557a93 Fix issue #1406 about win_firewall_rule 
I changed the logic here to always use 'netsh ... show rule' keywords as keys for $fwsettings map. While the translation (e.g. Enabled -> enable) is performed when invoking 'netsh ... add rule' command.

I tested rule creation and rule creation when the rule was already existing on Windows Server 2012.
 2016-12-08 11:33:58 -05:00
Andrea Scarpino
e16bd19401 win_unzip: overwrite any existing file 2016-12-08 11:33:58 -05:00
Rob White
7b0b4262e5 Allow SNS topics to be created without subscriptions. Also added better error handling around boto calls. 2016-12-08 11:33:58 -05:00
Fernando J Pando
be083a8fbe author added 2016-12-08 11:33:58 -05:00
Fernando J Pando
6d69956f83 Fix SNS topic attribute typo 
Enables adding SNS topic policy. 'Policy' attribute is capitalized.
 2016-12-08 11:33:58 -05:00
Joel Thompson
61672e5c61 Ensure ec2_win_password doesn't leak file handle 
Currently the module doesn't explicitly close the file handle. This
wraps the reading of the private key in a try/finally block to ensure
the file is properly closed.
 2016-12-08 11:33:58 -05:00
Rene Moser
b92b30e3b3 ec2_vpc_dhcp_options: doc fix, add version_added to new args 
See #1640
 2016-12-08 11:33:58 -05:00
Andy Nelson
5718a5caac Updated ec2_vpc_dhcp_options 2016-12-08 11:33:57 -05:00
Justin Good
f85f575a58 Add support for recursive znode deletion 2016-12-08 11:33:57 -05:00
James Moore
0ecaea3ac1 Added a source parameter for setting the JIT client name 2016-12-08 11:33:57 -05:00
Darek Kaczyński
9e918b5955 Removed debug return values 2016-12-08 11:33:57 -05:00
Darek Kaczyński
7127a45d96 ecs_service will now compare whole model and update it if any difference found. Documentation #1483. Workaround for datetime fileds #1348. 2016-12-08 11:33:57 -05:00
Darek Kaczyński
9b27ed6c5d ecs_service_facts documentation fixes #1483. Workaround for datetime fileds #1348. 2016-12-08 11:33:57 -05:00
Nate Smith
b820017ed0 Allow numeric npm package versions 
When passing a package version that parses as a number (e.g. `1.9`), the version should be converted to a string before being concatenated to the package name.
 2016-12-08 11:33:57 -05:00
Ritesh Khadgaray
d8ea847739 zabbix_host : add the ability to set inventory_mode 2016-12-08 11:33:57 -05:00
Rene Moser
427ab2f016 osx_defaults: doc fix, add version_added for host agrument 
See #1364
 2016-12-08 11:33:57 -05:00
Greg Hurrell
a58a91410d osx_defaults: add "host" attribute 
This allows us to configure defaults using the `-currentHost` or `-host`
arguments to the `defaults` executable.
 2016-12-08 11:33:57 -05:00
Alex Kalinin
e97ca89953 Fix vmware_portgroup throwing an error if port group already exists 2016-12-08 11:33:57 -05:00
t.goto
8a3c60cfd2 add exit_json 
add exit_json code to succesfully exit, when you want to delete the already
deleted host.
Without this, playbook fails with
`Specify at least one group for creating host`
which is not correct message.
 2016-12-08 11:33:57 -05:00
t.goto
b03d1da393 change host.delete() parameter for newer ZBX api. 
As of Zabbix API 2.4, host.delete() will not takes parameter with
`hostid` property but only the array of it.
https://www.zabbix.com/documentation/2.2/manual/api/reference/host/delete

fix #1800
 2016-12-08 11:33:57 -05:00
nonshankus
30d76cd37c Fixing win_updates example for listing available updates. 2016-12-08 11:33:57 -05:00