Previously the changed code was necessary, however it is now problematic
as we've started using the is_failed() method in other places in the code.
Additional changes at the strategy layer should make this safe to remove
now.
Fixes#15625
Fixes#15745
Applies conditional forwarding to all tasks/roles within the included playbook.
The existing line only applies forwarded conditionals to the main Task block, and misses pre_, post_, and roles.
Typo ::
Made a selection mistake when I copied over the one line change
In VariableManager, we fetch the params specifically in the next step,
so including them in the prior step is unnecessary and could lead to things
being overridden in an improper order.
In Block, we should not be getting the params for the role as they are
included earlier via the VariableManager.
Fixes#14411
This patch adds the port argument as a valid parameter to the f5_spec.
This argument is supported in bigsuds version 1.0.4 and greater, so
this patch uses the __version__ variable of the bigsuds module to
determine when the port value should be honored by the module.
By default the `Shell` class disables ssh agents. The `junos_netconf`
module uses this class, but doesn't re-enable agents.
Here it's explicitly enabled again, so an ssh agent can be used to
connect to and configure Junos devices.
* Don't filter hosts remaining based on their failed state. Instead rely
on the PlayIterator to return None/ITERATING_COMPLETE when the host is
failed.
* In the free strategy, make sure we wait outside the host loop for all
pending results to be processed.
* Use the internal _set_failed_state() instead of manually setting things
when a failed child state is hit
Fixes#15623
In `lib/ansible/executor/play_iterator.py`, ansible sets a host's
`_gathered_facts` property to `True` without checking to see if there
are any tasks to be executed. In the event that the entire play is
skipped, `_gathered_facts` will be `True` even though the `setup`
module was never run.
This patch modifies the logic to only set `_gathered_facts` to `True`
when there are tasks to execute.
Closes#15744.
This changeset addresses the issue reported here:
ansible/ansible-modules-core#1765
The yum module (at least) includes its task results as strings, rather than
dicts, and the code this changeset replaces assumed that in that instance the
task was skipped. The updated behaviour assumes that the task has been
skipped only if:
* results exist, and
* all results are dicts that include a truthy skipped value
Issue #15633 observes that a meta: inventory_refresh task causes the playbook
to exit. An inventory refresh flushes all caches and rebuilds all host
objects, assigning new UUIDs to each. These new host UUIDs currently fail to
match those on host objects stored for restrictions in the inventory, causing
the playbook to exit for having no hosts to run further tasks against.
This changeset attempts to address this issue by storing host restrictions
by name, and comparing inventory host names against these names when applying
restrictions in get_hosts.
* better fix for arch version detection
fixes #15696
* be extra safe about tracebacks in facts.py
* add comments to explain the setup
* make allowempty more conservative, ignore file content
* wrap function call in try/except
* should never happen, but if it happens the bug should be distribtion=N/A and not a traceback
* When var name is the same as var content, try to template it before reporting that var is not defined.
Add asserts in test_var_blending to check this special corner case.
* Fix integration tests when using debug with list or dict.
It wasn't doing anything that a literal couldn't do and used
unicode_escape which only understands latin1 (The author of the code
seems to have thought it took an encoding argument but it looks like
that was silently ignored.)
This was reinitialized every time we forked before so we weren't sharing
the same Locks. It also was not accounting for modules which were
directly invoked by an action plugin instead of going through the
strategy plguins.
* add tests for centos6, rhel6 and rhel7
* gen_distribution_version_testcase with python2.6
* remove unused imports
* fix redhat/vmware/... parsing
* add centos7 test case
* Make ziploader's ansible and ansible.module_utils libraries into
namespace packages.
* Move __version__ and __author__ from ansible/__init__ to
ansible/release.py. This is because namespace packages only load one
__init__.py. If that is not the __init__.py with the author and
version info then those won't be available.
* In ziplaoder, move the version ito ANSIBLE_CONSTANTS.
* Change PluginLoader to properly construct the path to the plugins even
when namespace packages are present.
* split code as separate class
* split different distributions as individual functions
* keep program logic mostly identical (for now)
* increase readability, reduce complexity/indentation
* make future testing/refactoring easier
* step towards making distribution parsing independent of the Facts class
* add some changes to make facts.py python3 parsable
* Add shared functionality to return list of security group IDs from list of security group names - this functionality can be used by nearly all ec2 modules
* Improved doc string for get_ec2_security_group_ids_from_names function
* Clarify exception handling in EOS
Also modify to EOS to standardize modules. It makes vimdiff a lot less angry
* Move IOS exception handling into Cli
* Move IOS-XR exception handling into Cli
* Move JUNOS exception handling into Cli
* Move NXOS exception handling into Cli
And reorganize to make it match the other modules
* Move OpenSwitch exception handling into Cli
More speculative restructuring here
added warnings for invalid kwargs
sniff supported authtypes (for new pywinrm)
use default authtypes (for old pywinrm)
error on unsupported authtype
allow no username/password to be specified (kerb SSO)
tested w/ old and new pywinrm
hacky CLIXML parsing of stderr
* HTTPError can also function as a non-exceptional file-like return value (the same thing that urlopen() returns)
* HTTPError - adding response to info dictionnary
* HTTPError - adding response to info dictionnary
* HTTPError - adding body response to info dictionnary
* use list of possible directories directly instead of checking distribution info
* this could fail if someone has keys in one of the other directories, but there could also be custom ssh key directories, which
are not checked at all
* this is work towards separating Facts from Distribution in facts.py
Ensure that initial setup in creating the key directory for ansible
accelerate mode keys, and generation/storage of the key for a
particular host are completed in a multiprocess safe manner.
Creating directories/files and then assigning permissions and contents
to them means that paths may exist and satisfy the os.path.exists()
method in python for other processes before they are usable.
Use a combination of locking around operations with use of unique named
files and an OS file system move to ensure that the conditions of
checking whether a file or directory exists, where it is potentially
created by another thread, will only succeed when the file has both the
correct contents and permissions.
Fixes#13850
Previously we were first checking the fail/run state of the child
state for tasks/rescue/always portions of the block. Instead we are now
always recursively iterating over the child state and then evaluating
whether the child state is failed or complete before changing the failed/
run state within the current block.
Fixes#14324
This update will attempt to guess the file format based on the template
extension if the format argument isnt set. It will also set the commit
comment to the task name if the comment isnt' explicitly defined.
This adds a check to validate the arugment for config_format kwarg in
get_config. If the specified format is not a valid option, the shared
module will call fail_json
Netconf support is provided using the junos-eznc library and the shared
module depends on junos-eznc to be installed on the local Ansible host. This
commit also adds changes to the netcfg library to handle receiving messages
over netconf.
To use netconf, specify transport=netconf for junos module. Be sure that
netconf has been enabled on the remote device.
Which we're use on a case-by-case basis if we find people were actually
using comma-separated strings for list values outside of hosts. Support
for doing so is now deprecated and users should instead use the full
YAML syntax for lists of values.
Fixes#15291
* Don't rely on username to check for root privileges
The SSH username isn't a reliable way to check if we've got root privileges on
the remote system (think "toor" on FreeBSD). Because of this check, Ansible
previously tried to use the fallback solutions for granting file access (ACLs,
world-readable files) even on systems where it had root privileges when the
remote username didn't match the literal string "root".
Instead of running checks on the username, just try using `chmod` in any case
and fall back to the previous "non-root" solution when that fails.
* Fail if we are root and changing ownership failed
Since this code is security sensitive we document exactly the expected
permissions of the temporary files once this function has run. That way
if a flaw is found in one end-result we know more precisely what scenarios
are affected and which are not.
Instead of using the old OpenSwitch runconfig, we'll use
Mir's new ops.dc declarative config for the DC interaction
with OpenSwitch. This gives us the clearer separation between
ansible and the OpenSwitch, as well as the performance
improvement done inside the ops.dc module itself.
Squashed the original Mir's change into single commit.
Tested-by: Kei Nohguchi <kei@nohguchi.com>
* Move zipcache temp dir creation into the locked section otherwise it
races with other workers.
* Catch IOError and turn it into an AnsibleError. IOErrors can hang
multiprocessng.