Currently, when writing user's crontab, ansible calls
crontab <file> -u <user>
This is incorrect according to crontab(1) on both FreeBSD and Linux,
which suggest that file argument should be the last.
At least on FreeBSD, this leads to incorrect cron module bahavior which
writes to root's crontab instead of users's
Fallback to unzip if zipfile fails and hope that unzip can deal with it
(sites have an easier time upgrading the unzip utility than all of
python).
https://bugs.python.org/issue3997Fixes#3560
packaging/language/pip.py:
virtualenv option:
Mention that virtualenv is created if it does not exist.
(Explicit is better than implicit.)
Mention other relevant options.
notes:
initialized -> created
Wrap long lines.
This is to address this error:
fatal: [site]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to connect to S3: Region does not seem to be available for awsmodule boto.s3. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path"}
Commit 0dd58e9 changed the logic so an exception is thrown (by
`connect_to_aws`) before the `s3 is None` check is performed. This
changes the `None` check to a catch so the old logic can compensate.
This fix passing the update variable to the str()
so that it avoids the exception when ops.dc.read()
returns a dictionary which contains non-string keys.
This is due to the fact that some of the key types in
OpenSwitch schema are actually defined as integer
and ops.dc declerative config module encode those
in integer inside the dictionary. This could be
the right encoding from the schema point of view
but someone needs to convert it to the string
somewhere, as JSON key should be string.
In the mysql_user module, login_host is defined as "localhost". Setting this to localhost also fixes Ubuntu 16.04 support.
To make it more consistent in the future, the params in all mysql modules should move to module utils. I'll take care.
Also fixed a few other things along.
- httpd removed from control_binaries
- check for enabled module after running a2enmod/a2dismod
- fail, if user has no permissions to run control_binary
- reduce code duplication
* Detection of handler depends on the wrong handler failing to list the contents of the tarfile.
Use explicit compression types with the python tarfile library to
achieve that.
* bytearray isn't available in python2.4
* unarchive: use Python's tarfile module for tar listing
fixes https://github.com/ansible/ansible/issues/11348
Depending on the current active locale, `tar`'s file listing can end up
spitting backslash-escaped characters. Unfortunately, when that happens,
we end up with double-escaped backslashes, giving us a wrong path,
making our action fail.
We could try un-double-escaping our paths, but that would be complicated
and, I think, error-prone. The easiest way forward seemed to simply use
the `tarfile` module.
Why use it only for listing? Because the `unarchive` option also
supports the `extra_opts` option, and that supporting this would require
us to mimick `tar`'s interface.
For listing files, however, I don't think that the loss of `extra_opts`
support causes problems (well, I hope so).
* unarchive: re-add xz decompression support
Following previous change to use Python's `tarfile` module for tar file
listing, we lost `xz` decompression support. This commits re-add it by
adding a special case in `TarXzArchive` that pre-decompresses the source
file.
* Adding docker_container
* If state absent, stop the container before attempting to remove. Fixed status running check.
* If container absent, stop before removing. Fix container status check.
- removed actions feature as this should be global and not per module
- removed default fields from return docs
- moved tags docs to shared fragments
- removed unused imports
* Add more example on how to use module ec2_tags to list tags on an instance
* Add more example on how to use module ec2_tags to list tags on an instance
Prior to the switch to the urls.py code, non-200 responses contained
a 'json' value when the content-type was JSON. This fix restores that
field upon a non-2xx response.
Fixesansible/ansible#15555
This adds a new module for collect device facts from remote devices
running OpenSwitch. This module is useful when collecting fact information
over CLI transport.
this change adds config_format argument with choices of xml, set or text to
specify the desired format of the config returned from the remote device. The
default value is text
There are established connections for a service. The service is bound to a ipv4-mapped ipv6 address. Wait_for wrongly waits for clients listed in exclude_hosts.
* fix git switch branches in combination with depth
* the old implementation is correct, but relies on git working correctly
(as only newer versions do)
* with some older git version (e.g. 1.8.3), git fetch remote branch does
not work, if the branch does not yet exist locally
* this patch works around that without explicitly checking the git version
* future refactoring is needed to reduce the number of fetches to a
minimum; but this patch makes the code "correct"
* add git version requirements to doc
* replace set-branches with git 1.7.1 compatible version
From the git status doc:
--porcelain
Give the output in an easy-to-parse format for scripts. This is similar to the short output, but will remain stable across Git versions and regardless of user configuration. See below for details.
User configuration can break the git module from working as expected.
Since fetch_url already take care of the exception, the try/except
clause is no longer working, so replace it with proper status
checking, thus permitting to remove urlib2 from the import list.
* Add optional force parameter for apache2_module
Fixes#2499
* Add documentation for the force parameter
* Clarify in description that -f(orce) is a Debian parameter
Some people use the command module to run curl not to
download file, but to interact with remote HTTP api, and the
get_url suggestion is not suitable. So adding uri in the warning
would give a more meaningful warning.
Suggested by Tahvok on #ansible irc channel.
'key_ids' is referenced before it is assigned, causing the module to fail with a UnboundLocalError instead of failing gracefully with a helpful error message. This very small patch moves the assignment of 'key_ids' to before the variable is referenced.
* WIP: Making unarchive idempotent
Currently unarchive is not idempotent and has many rough edges and bugs.
The current release is a workable improvement on many fronts:
- zip support is now idempotent (but gtar lacks check-mode)
- New option `exclude` to exclude specific paths/files
- New option `keep_newer` to exclude newer files on target
- New option `extra_opts` to influence unzip/gtar (like synchronize module)
The following items are still ongoing:
- Implement CRC32 support for .zip files
- Re-implement the zip support using native zipfile module
- Re-implement the gtar support using native tarfile/gzip/bz2 modules (lzma external)
- Implement check-mode (works in gzip, but fails using gtar)
- Implement diff-mode (discuss an appropriate output model, like synchronize module)
The re-implementation of unzip/gtar support using native python modules will not only simplify the codebase, additional functionality can be implemented correctly and identically, which is currently not possible. (Other archives could be implemented using native modules equally, incl. options)
* Assorted fixes to zip support (during quality checks)
- Support both rw---- and rwx--- permstr
- Better file type support (more qa needed)
- Symlink support
- Include fix from #3229
* Implement zip diff-mode (itemized change) and avoid changes permissions every time (!)
This commit implements:
- rsync-compatible itemized-change output in diff-mode (using zip)
- no longer changing permissions unconditionally (when idempotent)
* Small fixes to itemized change output
* Fixes to user/group ownership changes
- The implementation of user/group ownership is a bit more complex for idempotency
- We report when a ZIP file incorrectly tags a directory as a file/link
- We only offer diff output when there is a change
* Fix the handling of includes and excludes for unzip
* Remove test output from output (confuses easily)
* Logic and performance improvements to ownership handling, and umask fix
* Handle special files (type '?')
* Make exceptions compatible with python 2.4
* Implement CRC32 support
* Revert some unintended/unknown changes ?
* Taking over maintenance as offered by current maintainer
* Fix support for white-spaces in filenames
* Remove/rename incorrect regex
* Ensure that fat executables end up with execute permission
* Remove check_result from output when unchanged
* When unarchiving as a user, or when owner/group/mode is supplied --diff is insufficient
Only way to be sure is to check request with what is on disk (as we do for zip).
Leave this up to set_fs_attributes_if_different() instead of inducing a (false) change
* By default, don't send confusing check_results in verbose output
This fixes#74.
for install, remove, deb_install, and upgrade.
Since apt has very commonly familiar output, just use the normal output
from apt-get or aptitude -- trimmed to the interesting parts -- to show
to the user if she specified --diff on the CLI.
Uses the recent support for the `diff['prepared]` key.
Fixesansible/ansible#10239
This allows a user to modify the state of the virtual cdrom in a VM
by using the state == reconfigured action. This is useful for
provisioning VMs from templates which do not have ISO images connected.
ec2_elb_lb doesn't react well to AWS API throttling errors. This
implements an exponential backoff operation around some of the AWS API
calls (with random jitter, in line with AWS recommendations) to make
this more resilient.
* make git updates respect depth
until now `fetch` gets all tags and heads at full depth, this change
* uses `depth` argument for `fetch`
* only get the specified `version` in `fetch`
* fixes#14954
* treat combination of refspec and depth correctly
* be more conservative for non-depth fetch
* Speed up AMI code by not attempting to create the AMI without checking on the name first. Also simplifies code for reporting errors from AMI creation, greatly.
* remove sys.exit
A cloud/domain admin should be able to create a subnet on any
project it is granted on.
This change adds the 'project' parameter that accepts either
a name (admin-only) or id.
A cloud/domain admin should be able to create a network on any project
it is granted to.
This changes adds the possibility to pass either a project ID or
project name.
'server_insecure' maps to the subscription-manager config
(/etc/rhsm/rhsm.conf) value for 'insecure' key in the
'server' stanza. The 'insecure' configures if the https connection
to 'server_hostname' is verified as having been issued by
a CA in 'ca_cert_dir' trust store.
Previous documentation indicating it disables https and
enables http was inaccurate. Connection to server_hostname
always uses https.
* based on cpython os.path.ismount
* includes patch from http://bugs.python.org/issue2466
* fixes#2186
* when the upstream bug is fixed this should be removed/rewritten
* use ismount from module_utils
login_password should not be logged, so mark it as 'no_log'
the others arguments are path to file, and so should be type='path',
which permit to remove the line handling '~' and shell variables.
Fixed type checking to be more idiomatic powershell, also fixes a slew of StrictMode issues and gets error handling back to originally-intended behavior.
A change was merged to the main Ansible core code that can cause
a potential hang if any libraries are called that use threading.
This change was:
4b0aa1214c
This affected the os_object module by causing a hang on the shade
create_object() API call (which in turn calls swiftclient which
uses threading). The fix is to make sure all modules have a main()
that is wrapped with an "if __name__ == '__main__'" check.
In case role policy was deleted, we did not handle at all if there
was authorization issue to do the deletion. Also add message when
role is not found and the policy is skipped.
The default_project is checked at the beginning of the module.
This raises an exception if the project passed does not exist.
This logic only makes sense on resource creation, if a user
puts state=absent the module fails, even though the default
project is not relevant
If a server already exists when os_server is run, but a floating
IP was not assigned to the server when one was requested, the
module will attempt to add an IP to the existing server. But it
would not pass the wait/timeout params to the floating IP APIs.
If wait was True, you could get back a server dict that did not
show the floating IP because it did not wait.
route53 creates Record objects using `health check` and `failover`
parameters. Those parameters only became available in boto 2.28.0.
As some prominent LTS Linux releases (e.g.: Ubuntu 14.04) only ship
older boto versions (e.g.: 2.20.1 for Ubuntu 14.04), users are getting
unhelpful error messages like
TypeError: __init__() got an unexpected keyword argument 'health_check'
when running Ansible 2 against their LTS install's default boto.
We improve upon this error message by checking the boto version
beforehand.
Fixesansible/ansible#13646
Apologies, but I no longer use this module day-to-day myself, and I don't have the bandwidth right now to effectively triage changes in any kind of timely fashion.
Hello!
I wanted stop the containers matched only by image name, but can't do this, if I not set cmd in playbook.
This behavior confused me.
If cmd or entrypoint is defined for running container, but not defined in playbook, makes matching behavior as this sample:
https://github.com/ansible/ansible-modules-core/blob/devel/cloud/docker/docker.py#L463
This is useful for packages that bootstrap their own apt-key setup - only
the initial installation will require overriding. Notable examples are the
Dropbox and Google Chrome packages.
(Setting force=yes is far too strong: I only want to bypass
authentication!)
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Commit f71542c set the incorrect type for these two parameters to
dict when they are actually list of dicts.
Also, the extra_dhcp_opts was incorrectly named (without the terminal
's') and NEVER worked, so this was corrected.
Fixes#3301
This update adds exception handling to catch errors when trying to parse
command output to json. It also removes the dependency on importing json
opting to use the AnsibleModule methods instead
This commit adds a new module, ops_command, that handles executing commands
on OpenSwitch over the CLI. Since this module is designed to work with the
OpenSwitch CLI, it only supports the CLI transport option
This commit adds a new module, ops_config, that allows playbook designers
to create tasks for configuring OpenSwitch over the CLI. The module
is designed to work directly with configuration mode in OpenSwitch and
therefore only supports the CLI transport option
This commit address a bug in the ios_config module when using the
match: strict argument. When the argument is used, the module will
compare the configuration block same as match: exact which is not the
intended behavior. This commit updates the behavior to propertly handle
the strict argument.
now uses atomic move to avoid data corruption
correclty cleans up temp files in every case
returns backup_file info if needed
validate validate before temp file gets created
backup AFTER validate
Without this change, a download failure may bail out with the message:
"Failure downloading http://foo/bar, 'NoneType' object has no attribute 'read'"
whereas with this fix, you'd get a proper error like:
"Failure downloading http://foo/bar, Request failed: <urlopen error [Errno 113] No route to host>"
or one of the many other possible download errors that can occur.
The returned list of diffs aims to simulate how a file system diff would
look before and after writing the sources list files.
![screenshot](http://i.imgur.com/dH6QXtY.png)
n.b. Ternary conditional is due to failing integration test for
python 2.4
This commit refactors the arugments used in ops_template to be strictly
typed and handle by declarative / rest and cli based configurations. It
also removes old arguments not supported and cleans up the documentation
strings
This mirrors a nearly identical change made to apt_repository.py.
Also removes the use of apt-get --force-yes as it can be dangerous
and should not be necessary (apt_repository.py does not use it).
Repeating the explanation from the apt_respository change below:
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to thoroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
Running async_status in an "until: result.finished" loop will mask a module failure (eg, traceback) with a
template failure, because the fail dict doesn't include "finished" (eg, you'll see "ERROR! The conditional check 'bogus_out.finished' failed. The error was: ERROR! error while evaluating conditional: bogus_out.finished ({% if bogus_out.finished %} True {% else %} False {% endif %}"). Because the failure dict still includes "failed: true",
this change has no effect on stoppage/failure reporting, it just prevents the common usage pattern from masking the underlying error message.
Since our validation does conversion as well as validation, I'm not sure
this is entirely correct. May need to take a look at our conversion
code and re-examine to be sure we're doing it right.
I like to use ~/somepath instead of absolute paths because
that's more shareable. Without expansion, the path wasn't
considered a file, and the resulting cloud-config user_data
contained a string for the file path instead of the file context.
So, expand it.
restart_containers(containers.running) may try to restart containers
that are deleted when looping through get_differing_containers()
fix this by refreshing list after first loop
The ulimit will be specified as a list and separated by colons. The
hard limit is optional, in which case it is equal to the soft limit.
The ulimits are compared to the ulimits of the container and added
or adjusted accordingly on by a reload.
The module ensures that ulimits are available in the capabilities
iff ulimits is passes as a parameter.