It's not particularly obvious that removing an application will remove it
from ufw's own state, potentially leaving ports open on your box if you
upload your configuration.
Whilst this applies to a lot of things in Ansible, firewall rules might
cross some sort of line that justifies such a warning in his instance.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
1) Removed kubectl functionality. We'll move that into a different
module in the future. Also removed post/put/patch/delete options,
as they are not Ansible best practice.
2) Expanded error handling in areas where tracebacks were most likely,
based on bad data from users, etc.
3) Added an 'insecure' option and made the password param optional, to
enable the use of the local insecure port.
4) Allowed the data (both inline and from the file) to support multiple
items via a list. This is common in YAML files where mutliple docs
are used to create/remove multiple resources in one shot.
5) General bug fixing.
* Remove support for ancient zypper versions
Even SLES11 has zypper 1.x.
* zypper_repository: don't silently ignore repo changes
So far when a repo URL changes this got silently ignored (leading to
incorrect package installations) due to this code:
elif 'already exists. Please use another alias' in stderr:
changed = False
Removing this reveals that we correctly detect that a repo definition
has changes (via repo_subset) but don't indicate this as change but as a
nonexistent repo. This makes us currenlty bail out silently in the above
statement.
To fix this distinguish between non existent and modified repos and
remove the repo first in case of modifications (since there is no force
option in zypper to overwrite it and 'zypper mr' uses different
arguments).
To do this we have to identify a repo by name, alias or url.
* Don't fail on empty values
This unbreaks deleting repositories
* refactor zypper_repository module
* add properties enabled and priority
* allow changing of one property and correctly report changed
* allow overwrite of multiple repositories by alias and URL
* cleanup of unused code and more structuring
* respect enabled option
* make zypper_repository conform to python2.4
* allow repo deletion only by alias
* check for non-existant url field and use alias instead
* remove empty notes and aliases
* add version_added for priority and overwrite_multiple
* add version requirement on zypper and distribution
* zypper 1.0 is enough and exists
* make suse versions note, not requirement
based on comment by @alxgu
* add vmware maintenance mode support
* changed version number in documentation
* updated version_added to 2.0 since CI is failing
* changed version to 2.0 due to CI - error asking for 2.1
* added RETURN
* updated formatting of return values and added some to clarify actions taken
* Support for masquerade settings
Ability to enable and disable masquerade settings from ansible via:
- firewalld: mapping=masquerade state=disabled permanent=true zone=dmz
Placeholder added (mapping) to support masquerade and port_forward
choices initially - port_forward not implemented yet.
* Permanent and Immediate zone handling differentiated
* Corrected naming abstraction for masquerading functionality
Removed mapping tag with port_forward choices - not applicable!
* Added version info for new masquerade option
Pull Request #2017 failing due to missing version info
* Add SQS queue policy attachment functionality
SQS queue has no attribute 'Policy' until one is attached, so this special
case must be handled uniquely
SQS queue Policy can now be passed in as json
container_config:
- "lxc.network.ipv4.gateway=auto"
- "lxc.network.ipv4=192.0.2.1"
might try to override lxc.network.ipv4.gateway in the second entry as both
start with "lxc.network.ipv4".
use a regular expression to find a line that contains (optional) whitespace
and an = after the key.
Signed-off-by: Evgeni Golov <evgeni@golov.de>
before the following would produce four entries:
container_config:
- "lxc.network.flags=up"
- "lxc.network.flags =up"
- "lxc.network.flags= up"
- "lxc.network.flags = up"
let's strip the whitespace and insert only one "lxc.network.flags = up"
into the final config
Signed-off-by: Evgeni Golov <evgeni@golov.de>
The previous version of my regexp did not take into account packages
such as 'p5-Perl-Tidy' or 'p5-Test-Output', so use a greedy match up to
the last occurrance of '-' for matching the package. This regex has
been extensively tested using all packages as provided by pkgsrc-2016Q1[1].
Footnotes:
[1] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/?only_with_tag=pkgsrc-2016Q1
Since user_key and app_token are used for authentication, I
suspect both of them should be kept secret.
According to the API manual, https://pushover.net/api
priority go from -2 to 2, so the argument should be constrained.
- make path to pkgin a global and stop passing it around; it's not going
to change while ansible is running
- add support for several new options:
* upgrade
* full_upgrade
* force
* clean
- allow for update_cache to be run in the same task as upgrading/installing
packages instead of needing a separate task for that
Only a small issue in results.
In case of type is ingress, we rely on ip address, but in results we also return the network.
Resolving the ip address works without zone params. If the ip address is not located in the default zone and zone param is not set,
the network won't be found because default zone was used for the network query listing.
However since network param is not used for type ingress we skip the return of the network in results.
At the moment, this only works when 'enable' is equals to 'yes' or 'no'.
While I'm on it, I also fixed a typo in the example and added a required
parameter.
* VMware datacenter module rewritten to don't hold pyvmomi context and objects in Ansible module object
fixed exceptions handling
added datacenter destroy result, moved checks
changed wrong value
wrong value again... need some sleep
* check_mode fixes
* state defaults to present, default changed to true
* module check fixes
Note that since cpanm version 1.6926 its messages are sent to stdout
when previously they were sent to stderr.
Also there is no need to initialize out_cpanm and err_cpanm and
check for their truthiness as module.run_command() and str.find()
take care of that.
* added stdout and stderr outputs
Added stdout and stderr outputs of the results from composer as the current msg output strips \n so very hard to read when debugging
* using stdout for fail_json
using stdout for fail_json so we get the stdout_lines array
with the default umask tar will create a world-readable archive of the
container, which may contain sensitive data
Signed-off-by: Evgeni Golov <evgeni@golov.de>
* do not use a predictable filename for the LXC attach script
* don't use predictable filenames for LXC attach script logging
* don't set a predictable archive_path
this should prevent symlink attacks which could result in
* data corruption
* data leakage
* privilege escalation