Commit graph

8024 commits

Author SHA1 Message Date
Patrick Uiterwijk
77af3a68de Fix adding the same trusted certificates multiple times (#18296)
If there is an intermittent network failure, we might be trying to reach
an URL multiple times. Without this patch, we would be re-adding the same
certificate to the OpenSSL default context multiple times.
Normally, this is no big issue, as OpenSSL will just silently ignore them,
after registering the error in its own error stack.
However, when python-cryptography initializes, it verifies that the current
error stack of the default OpenSSL context is empty, which it no longer is
due to us adding the certificates multiple times.
This results in cryptography throwing an Unknown OpenSSL Error with details:

OpenSSLErrorWithText(code=185057381L, lib=11, func=124, reason=101,
reason_text='error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table'),

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-02 10:40:48 -07:00
Matt Clay
275d5f85ec Update submodule refs. 2016-11-02 09:59:10 -07:00
Samuel Boucher
911a602c79 Update syslog_json.py
Add SYSLOG_FACILITY environment variable to set syslog facility
2016-11-02 10:02:56 -04:00
Daniel
b7e6ace4ee Add timeout option for nxapi (#18074)
* Changes to be committed:
	modified:   lib/ansible/module_utils/nxos.py
    - added configurable timeout to module paramaters
	modified:   lib/ansible/utils/module_docs_fragments/nxos.py
    - added documentation for timeout

* Changes to be committed:
    modified:   ansible/module_utils/nxos.py
    - added timeout option for nxapi transport and added documentation
    - option works with CLI or NXAPI transport

*  Changes to be committed:
	modified:   lib/ansible/utils/module_docs_fragments/nxos.py
    - Changed per comments in PR 18074

*  Changes to be committed:
	modified:   lib/ansible/module_utils/nxos.py
    - added try/except block to test for timeout

* Changes to be committed:
modified:   lib/ansible/module_utils/nxos.py
 - tweaked timeout
2016-11-02 13:32:19 +00:00
jctanner
333f6d447b aix network facts: Separate out the uname call to reduce total calls (#18288)
* aix network facts: Separate out the uname call to reduce total calls
* Remove duplicate check

Fixes #11289
2016-11-01 19:34:26 -04:00
Jasper Lievisse Adriaanse
88970bcfb2 Implement basic DMI facts for OpenBSD 2016-11-01 13:50:02 -04:00
Adrian Likins
309f54b709 Fix 'vault rekey' with vault secret env var
if ANSIBLE_VAULT_PASSWORD_FILE is set, 'ansible-vault rekey myvault.yml'
will fail to prompt for the new vault password file, and will use
None.

Fix is to split out 'ask_vault_passwords' into 'ask_vault_passwords'
and 'ask_new_vault_passwords' to make the logic simpler. And then
make sure new_vault_pass is always set for 'rekey', and if not, then
call ask_new_vault_passwords() to set it.

ask_vault_passwords() would return values for vault_pass and new
vault_pass, and vault cli previously would not prompt for new_vault_pass
if there was a vault_pass set via a vault password file.

Fixes #18247
2016-11-01 13:07:48 -04:00
Toshio Kuratomi
557f46658c Update submodule refs 2016-11-01 09:39:32 -07:00
Daniel Menet
19fdb58948 fix iteritems for python 3 2016-11-01 09:38:03 -07:00
Michael Scherer
4c85a1fa05 Refactor code for VirtualFacts (#18122)
The populate method is cut and paste on every subclass,
so we should push it up, and add a default method that is overloaded
2016-11-01 10:07:50 -04:00
Brian Coca
d4ac0bdea9 display fixes
banner now adjusts to screen as does output
output now keeps at least one space to end of screen to allow for better reading.
2016-11-01 09:51:20 -04:00
Matt Clay
b42e42343c Update submodule refs. 2016-10-31 21:25:07 -07:00
jctanner
b494d55bde Cast input role version to string before comparing to available versions (#18269)
* Cast input role version to string before comparing to avaialble versions

Fixes #10262
2016-10-31 21:07:38 -04:00
Matt Clay
e753860cb2 Update submodule refs. 2016-10-31 17:16:53 -07:00
Matt Martz
cb1e3dab0d Add 'type' filter for display the underlying python type of a variable (#18242)
* Add 'type' filter for display the underlying python type of a variable

* Update playbooks_filters.rst

Minor copyedit.
2016-10-31 13:36:24 -07:00
James Tanner
6d9771bbf8 Move the check for playbook files above the password prompting.
Fixes #9904
2016-10-31 12:44:53 -04:00
Toshio Kuratomi
d7207b3910 Update submodule refs 2016-10-31 09:26:23 -07:00
René Moser
44bdc6fb79 cloudstack: implement diff support (#18254) 2016-10-30 17:05:24 +01:00
René Moser
01af859090 cloudstack: add support for defining some args as ENV vars (#17946)
These ENV vars are:
  - CLOUDSTACK_ZONE
  - CLOUDSTACK_DOMAIN
  - CLOUDSTACK_ACCOUNT
  - CLOUDSTACK_PROJECT

help to DRY on every task, args still have precedence.
2016-10-30 12:24:03 +01:00
Matt Clay
37580c7d70 Update submodule refs. 2016-10-29 23:28:23 -07:00
Sijis Aviles
b365f44fa1 Simplify surrogate check in to_text() (#18211)
* Simplify surrogate check in to_text()

* Simplify surrogateescape check even further
2016-10-29 09:12:02 -07:00
Nathaniel Case
4a067c3f50 Exception.message gone in 3.x (#18221)
* Exception.message gone in 3.x
2016-10-28 13:48:16 -04:00
Steve Kuznetsov
0bc35354ce Change v2_playbook_on_start logic to positively detect legacy plugins
In order to support legacy plugins, the following two method signatures
are allowed for `CallbackBase.v2_playbook_on_start`:

def v2_playbook_on_start(self):
def v2_playbook_on_start(self, playbook):

Previously, the logic to handle this divergence checked to see if the
callback plugin being called supported an argument named `playbook`
in its `v2_playbook_on_start` method. This was fragile in a few ways:
 - if a plugin author did not use the literal `playbook` to name their
   method argument, their plugin would not be called correctly
 - if a plugin author wrapped their `v2_playbook_on_start` method and
   by doing so changed the argspec to no longer expose an argument
   with that literal name, their plugin would not be called correctly

In order to continue to support both types of callback for backwards
compatibility while making the call more robust for plugin authors,
the logic can be reversed in order to have a positive check for the old
method signature instead of a positive check for the new one.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2016-10-28 10:05:58 -07:00
Matt Davis
916fc25088 bump submodule refs 2016-10-28 09:45:13 -07:00
Michael Scherer
6052c1294b Cleanup StringIO import for module_utils/shell.py 2016-10-28 08:00:57 -07:00
Toshio Kuratomi
4c06ddced6 Update submodule refs 2016-10-28 07:46:43 -07:00
Chris Houseknecht
dceb2a0393 Remove extra display statements and add docs (#18229)
* Add docs for ansible-galaxy import --role-name option.

* Add docs for ansible-galaxy init --container-enabled option.
2016-10-28 00:38:39 -04:00
Monty Taylor
bd9ca5ef28 Allow setting alternate_role_name for galaxy CLI (#17418)
When using the ansible-galaxy CLI to import roles, it's not possible to
specify an alternate_role_name, even though the REST API seems to allow
such a thing (at least on investigation of the interactions the web app
makes) That makes importing things like:
openstack/openstack-ansible-os_cloudkitty wind up with roles named
"openstack-ansible-os_cloudkitty" instead of "os_cloudkitty".

Also, the web ui is smart and imports
"openstack-infra/ansible-role-puppet" as openstack-infra.puppet ... but
the CLI imports it as openstack-infra.ansible-role-puppet. Add that
filtering as well.

Issue ansible/galaxy-issues:#185
2016-10-27 22:34:59 -04:00
Chris Houseknecht
d60bc492b6 Add --container-enabled option to ansible-galaxy init command. (#18157) 2016-10-27 22:16:22 -04:00
jasdeep-hundal
679da00236 Fix OpenSSH-related ssh process exit race
Mitigate the effects of observing the ssh process still running
after seeing an EOF on stdout when using OpenSSH with
ControlPersist, since it does not close the stderr file descriptor
in this case.
2016-10-27 15:47:24 -07:00
Matt Robinson
4ff8890ec1 Set ansible_os_family correctly under KDE neon
As neon is derived from Ubuntu, ansible_os_family should have the value
"Debian" instead of "Neon".  Add a test case for KDE neon and set
os_family correctly for it.
2016-10-27 20:28:38 +01:00
Andrew Gaffney
e6d9a45cd0 Fix service_mgr detection for OpenWrt 2016-10-27 14:09:26 -04:00
Toshio Kuratomi
fda933723c Add hint that python3 might be too old
This limitation of python-3.4 mkstemp() is the final reason we made
python-3.5 our minimum version.  Since we know about it, give a nice
error to the user with a hint that Python3.4 could be the issue.

Fixes #18160
2016-10-27 07:45:14 -07:00
jctanner
5a0621db55 iterate through task results only if the key is not at the root level (#18214)
Fixes https://github.com/ansible/ansible-modules-core/issues/5396
2016-10-27 09:43:49 -04:00
Brian Coca
680cade77a simplified the code by removing repeats
(cherry picked from commit 84380b0ee4029212fc1637c008e07bb9958305c3)
2016-10-26 20:49:55 -04:00
Rene Moser
3763283d01 tasks_queue_manager: fix fork calculation if serial in % 2016-10-26 15:21:31 -04:00
Toshio Kuratomi
56086f3b9e A few fixes for python3
* socket interfaces take bytes so convert text strings to bytes when
  using them.
* Use b64encode() instead of str.encode('base64')
2016-10-26 11:47:40 -07:00
Matt Davis
f8482e335c bump core submodule ref for win_shell/win_command fix 2016-10-25 17:22:18 -07:00
John R Barker
525b672c0c Docs fragment for common a10 options (#18163) 2016-10-25 16:03:25 +01:00
jctanner
5502da3cf8 copy: Use the local file's mode for the argument if not explicitly given. (#17780)
* Use the local file's mode to for the argument if not explicitly given.

Fixes https://github.com/ansible/ansible-modules-core/issues/1124

* Fix octal mode for py3

* Implement preserve instead of null

* Remove duplicate line

* Update comment

* Use stat module per toshia's suggestion
2016-10-24 23:57:50 -04:00
Will
1f30bc8a6f Fix lxd_container module fails if certificate already in trust store
When the client certificate is already stored, lxd returns a JSON error with message "Certificate already in trust store". This "error" will occur on every task run after the initial run. The cert should be in the trust store after the first run and this error message should really only be viewed as informational as it does not indicate a real problem.

Fixes:
ansible/ansible-modules-extras#2750
2016-10-24 20:40:04 -07:00
Matt Davis
d1e1898b0e fix version check to support >=rc5 2016-10-24 20:01:41 -07:00
Foxlik
8bb01d4c29 Fix #10865
Slightly better handling of http headers from http (CONNECT) proxy. Buffers up to 128KiB of headers and raises exception if this size is exceeded.

This could be optimized further, but for the time being it does the trick.
2016-10-24 18:18:38 -07:00
Toshio Kuratomi
188ae18b1c Add a new potential su prompt
Two parts to this change:
* Add a new string that requests password
* Add a new glyph that can be used to separate the prompt from the
  user's input as it seems it can use fullwidth colon rather than colon.

Fixes #17867
2016-10-24 16:55:54 -07:00
Thomas Quinot
236c923c25 Filter out internal magic and connection variables from facts returns
Fixes #15925
2016-10-24 17:27:43 -05:00
Michael Riss
c05bad9f74 Improved caching for urls
- When there is no file at the destination yet, we have no modification time for the `If-Modified-Since`-Header. In this case trust the cache to make the right decision to either serve a cached version or to refresh from origin. This should help with mass-deployment scenarios where you want to use a local cache to relieve your uplink.
- If you don't trust the cache to make the right decision you can still force it to refresh by providing the `force: yes` option.
2016-10-24 16:13:38 -04:00
Rene Moser
e69d26270f handler: notify a handler by name _and_ listen
Before we only allowed either notify by name or listen and name had precedence.
2016-10-24 10:59:05 -04:00
Toshio Kuratomi
ce4330d986 Update submodule refs 2016-10-24 07:21:29 -07:00
Michael Scherer
6885797b03 Add support for getting network facts on GNU Hurd
Since ifconfig/ip are not present on the system, and there is no /proc
to be parsed, the only way to get information is by looking at the
argument of the pfinet translator, the process in charge of network.

In turn, this is done with fsysopts on the appropriate path, who return
something like this:

    # fsysopts -L /servers/socket/inet
    /hurd/pfinet --interface=/dev/eth0 --address=192.168.122.130
    --netmask=255.255.255.0 --gateway=192.168.122.1 --address6=fe80::5254:12:ced/10
    --address6=fe80::5054:ff:fe12:ced/10 --gateway6=::

So to get the IP addresses, one has to parse that string and fill the appropriate
structure.

More information on the system and on limitation can be found on
- https://www.gnu.org/software/hurd/hurd/translator/pfinet.html
- https://www.gnu.org/software/hurd/hurd/translator/pfinet/implementation.html
- https://www.debian.org/ports/hurd/hurd-install
2016-10-24 09:45:22 -04:00
Michael Scherer
f4593ecac7 Add support for getting hardware facts on GNU Hurd (#18152)
* Fallback to /proc/mounts if /etc/mtab do not exist

On modern system, the file is just a compatibility symlink, and
some system (like GNU Hurd) do not have it, but provides /proc/mounts

* Add support for uptime, memory and mount facts on GNU Hurd
2016-10-24 09:44:52 -04:00
Matt Davis
2708ef99b8 bump core submodule ref for async fix 2016-10-24 00:00:24 -07:00
Toshio Kuratomi
3098cc2eb9 Update submodule refs 2016-10-23 16:55:43 -07:00
Toshio Kuratomi
dcbd64b481 Update submodule refs 2016-10-23 14:47:16 -07:00
Michael Scherer
6a76a9299d Fix 18151, by converting float to int 2016-10-23 14:00:51 -07:00
Adrian Likins
c0331d50dc Remove callback.CallbackBase._copy_result_exclude
Nothing seems to use this now.

Was added originally added in2d11cfab92f9d26448461b4bc81f466d1910a15e
but the code that used it was removed in
e02b98274b
2016-10-23 13:36:20 +02:00
stephane
77868a4104 Set Suse family for openSUSE Tumbleweed & Leap
On openSUSE Tumbleweed, lsb-release -a currently reports
the distributor ID as "openSUSE Tumbleweed". On openSUSE
Leap, the distributor ID is "SUSE LINUX".

Add them to the OS_FAMILY dict as Suse family systems.

Also add an entry to TESTSETS in test_distribution_version.py
for openSUSE Tumbleweed.
2016-10-23 02:04:28 +02:00
Matt Robinson
692bfa872a Make bcrypt + passlib work in password_hash filter
If hashtype for the password_hash filter is 'blowfish' and passlib is
available, hashing fails as the hash function for this is named 'bcrypt'
(and not 'blowfish_crypt').  Special case this so that the correct
function is called.
2016-10-23 01:46:05 +02:00
Toshio Kuratomi
def260b5d1 Update submodule refs to pick up latest py3 fixes (and git dep yaml fix) 2016-10-21 09:01:35 -07:00
Brian Coca
aa5938bf8e updated submodule ref 2016-10-21 11:19:46 -04:00
Ssawa
8e47b9bc70 Handle 'smart' scp_if_ssh option for fetch (#18125) 2016-10-21 09:59:56 -04:00
Toshio Kuratomi
6d9f780937 Now that we convert salt inside of do_encryptas needed, keep salt as text type until then. 2016-10-20 22:49:30 -07:00
Thilo Uttendorfer
cf0da0948d Fix uninitialized variable in deserialize method (#18037)
The bug was introduced with commit 06d4f4ad0e.
Added a simple test.
2016-10-20 22:54:16 -04:00
Dag Wieers
cd784cd345 Remove unnecessary warnings (#18121) 2016-10-20 22:49:49 -04:00
Michael Scherer
492da6ce71 Add support for NetBSD network fact (#18113)
Like hostname, it use the same interface as FreeBSD so
we bascailly reuse the same code. Only tested on NetBSD 7.
2016-10-20 17:50:22 -04:00
Toshio Kuratomi
9a5be38a22 Update submodule refs 2016-10-20 14:04:35 -07:00
Michael Scherer
578da9a615 Enable test for lookups on python 3
Since passlib algo sometime takes a bytes, and sometime
not, depending on a internal variable, we have to convert
bnased on it, or it fail with "TypeError: salt must be bytes,
not str" (or unicode instead of bytes)

However, that's not great to use internal structure for that.
2016-10-20 13:22:59 -07:00
Brian Coca
fbe0e6c9a2 improved error msg 2016-10-20 16:02:06 -04:00
Brian Coca
ea428e716d role now fails if specified file not found
fixes https://github.com/ansible/ansible-modules-core/issues/5166
2016-10-20 14:39:54 -04:00
Brian Coca
432633e4c1 fix for check_mode/async interaction
fixes #18110
2016-10-20 14:38:36 -04:00
Toshio Kuratomi
1d3db8ec5b iUpdate submodule refs 2016-10-20 10:29:57 -07:00
Michael Scherer
4549604cc7 Use six.move for module in module_utils/facts.py 2016-10-19 21:32:28 -07:00
Ryan S. Brown
a4660766f7 Update core submodule ref 2016-10-19 19:07:29 -04:00
Toshio Kuratomi
25e25127b9 Update submodule refs 2016-10-19 08:59:59 -07:00
Toshio Kuratomi
5037dc4e69 Make the default Ansible_managed string static so it doesn't interfere with idempotency 2016-10-18 16:19:17 -04:00
Brian Coca
99220a5f6c properly propagate loop vars
fixes #17966
2016-10-18 15:27:16 -04:00
Toshio Kuratomi
001e2b52e0 Update submodule ref for git fix 2016-10-18 11:54:45 -07:00
Brian Coca
01b75f966b fix include_role dynamic path
fixes #17966
2016-10-18 13:27:38 -04:00
Brian Coca
38d0f77a0f include_role now allows duplicates by default
setting is overridable by user
2016-10-18 11:14:10 -04:00
Toshio Kuratomi
ea479001f0 Update submodule ref 2016-10-18 07:22:31 -07:00
Toshio Kuratomi
60acfd1e87 Fix ansible-pull on python3
On python3, we can't write bytes directly to sys.stdout.
2016-10-17 16:31:08 -07:00
Toshio Kuratomi
2b105ec7ab Update submodule refs 2016-10-17 14:21:31 -07:00
James Cammarata
5be2a3a9e0 Break out of linear strategy if all hosts are failed and the result is not OK
Fixes #18021
2016-10-17 16:00:04 -05:00
Thilo Uttendorfer
5ece97ae5b Fix call of wrong super class
Added a basic test
2016-10-17 14:53:03 -04:00
Aaron Bieber
3fc1b4da53 Remove -b option from pbrun.
The -b option reads as follows:
` The target job is directed to ignore hangup signals. This is particularly
useful for running the target program in the background.`

If needed, '-b' can be added to become_flags

Squashed commit of the following:

commit f2c9f5c011ae8be610301d597a34bfba1a391e08
Author: Aaron Bieber <aaron@bolddaemon.com>
Date:   Mon Oct 17 10:58:14 2016 -0600

    remove pbrun flags

commit f402679ac177c931ad64bd13306f62512a14fcd6
Author: Aaron Bieber <aaron@bolddaemon.com>
Date:   Fri Oct 14 15:29:29 2016 -0600

    use Password: vs assword: for matching pbrun prompt

commit cd2e90cb65854c4cc5dd8773404e520d40f82765
Author: Aaron Bieber <aaron@bolddaemon.com>
Date:   Fri Oct 14 15:28:58 2016 -0600

    move -b to pbrun_flags
2016-10-17 14:40:11 -04:00
Andrew Gaffney
194c9c41eb Fix search path for relative paths in roles (fixes #17877)
(cherry picked from commit 72f0aaf606)
2016-10-17 11:21:46 -04:00
Brian Coca
9bdde13126 fixes to ansible_search_path
now gets basedir (no need to frontload as dwim already does that)
added comment about basedir to search_path usage to avoid dupes
2016-10-17 11:21:46 -04:00
Brian Coca
7d9d009189 avoid errors when dynamic role 2016-10-17 11:21:46 -04:00
Toshio Kuratomi
4ce0cf57b6 Update submodule refs 2016-10-17 08:15:33 -07:00
Robin Roth
3922328954 Allow unicode inventory filename
Fixes #17932
2016-10-15 16:54:51 -07:00
Bill Nottingham
77e7ae6838 Change <support@ansible.com> - it's being retired. 2016-10-15 16:42:13 -07:00
Toshio Kuratomi
f24c10c32b Fixes to handle non-ascii become passwords
Fixes for non-ascii passwords on
* both python2 and python3,
* local and paramiko_ssh (ssh tested working with these changes)
* sudo and su

Fixes #16557
2016-10-15 16:25:19 -07:00
Toshio Kuratomi
efc5dac52c Fix become password using non-ascii for local connection
Fixes #18029
2016-10-15 11:26:17 -07:00
Toshio Kuratomi
e9e7967dd0 Update extras submodule ref to pull in misc's py3 fixes 2016-10-15 09:17:49 -07:00
Toshio Kuratomi
9a49506677 Update submodule refs 2016-10-15 08:24:33 -07:00
James Cammarata
0d5206f90c Don't mark parent role complete for nested include_role calls
The PlayIterator was written without nested roles in mind, but since
include_role can nest them we need to check to see if we've moved into
a new role which is a child via nesting.

Fixes #18026
2016-10-14 14:28:40 -05:00
Matt Clay
7e2fc88218 Fix docs fragment typo. 2016-10-14 09:50:15 -07:00
Brian Coca
ff1e52184f Better error for bad role def 2016-10-14 11:38:09 -04:00
James Cammarata
6bdcb3a392 Make sure free strategy is returning proper TQM constants
Fixes #18023
2016-10-14 09:23:35 -05:00
John R Barker
9183bb6391 docs_fragments formatting and typo improvements (#17981) 2016-10-14 15:13:15 +01:00
Brian Coca
b169a61c20 toggle missing handler errors/warnings via config 2016-10-13 16:54:02 -04:00