Commit graph

8296 commits

Author SHA1 Message Date
Evgeni Golov
8db3a63983 fix handling of config options that share the same prefix
container_config:
      - "lxc.network.ipv4.gateway=auto"
      - "lxc.network.ipv4=192.0.2.1"

might try to override lxc.network.ipv4.gateway in the second entry as both
start with "lxc.network.ipv4".
use a regular expression to find a line that contains (optional) whitespace
and an = after the key.

Signed-off-by: Evgeni Golov <evgeni@golov.de>
2016-04-10 13:37:00 +02:00
Evgeni Golov
c03e77a63a strip whitespace from key and value before inserting it into the config
before the following would produce four entries:

    container_config:
      - "lxc.network.flags=up"
      - "lxc.network.flags =up"
      - "lxc.network.flags= up"
      - "lxc.network.flags = up"

let's strip the whitespace and insert only one "lxc.network.flags = up"
into the final config

Signed-off-by: Evgeni Golov <evgeni@golov.de>
2016-04-10 13:33:48 +02:00
René Moser
474baaa831 Merge pull request #1981 from macdiesel/macdiesel/urlencode-hipchat-api-path
Escape room name in hipchat api v2 urls
2016-04-10 11:57:01 +02:00
René Moser
fc79c8820e Merge pull request #1971 from insom/devel
Add `to_destination` parameter to iptables
2016-04-10 11:18:49 +02:00
Vlad Gusev
f1175693f6 system/puppet: add --tags parameter (#1916)
* system/puppet: add --tags parameter

--tags [1] is used to apply a part of the node’s catalog.

In puppet:
puppet agent --tags update,monitoring

In ansible:
puppet: tags=update,monitoring

[1] https://docs.puppetlabs.com/puppet/latest/reference/lang_tags.html#restricting-catalog-runs

* Add example of tag usage.

* system/puppet: add list type for a tags dict.
2016-04-10 11:14:48 +02:00
Michael Scherer
197ee8bef4 Client_secret is supposed to be kept secret, so mark it as no_log (#1995) 2016-04-09 23:33:11 -07:00
Ricardo Carrillo Cruz
34045fddb1 Add os_user_facts module
This module gather facts about one or more OpenStack users
2016-04-09 11:43:40 +00:00
Ricardo Carrillo Cruz
d914b3fa84 Add os_keystone_domain_facts module
This module gathers one or more OpenStack domains facts
2016-04-09 11:25:06 +00:00
nitzmahone
5abb914315 win_updates fix to use documented InstanceGuid property name 2016-04-07 17:38:38 -07:00
nitzmahone
93db039783 win_updates shouldn't install hidden updates 2016-04-07 17:38:37 -07:00
=
8192ad24d5 adding the ability to manage binary registry data 2016-04-07 18:22:23 +01:00
Michael Scherer
bc198cc33a Avoid token leak by marking it as sensitive with no_log (#1966) 2016-04-07 12:47:57 -04:00
Michael Scherer
7120fb4b01 Properly label path argument with type='path' (#1940) 2016-04-07 11:25:04 -04:00
Michael Scherer
3385bf5ef2 Do not leak mail password by error 2016-04-07 08:59:11 -04:00
Michael Scherer
c215bff12e Mark password as 'no_log', to avoid leaking it 2016-04-07 08:58:15 -04:00
Brian Beggs
ed35159702 hipchat api v2 rooms are now url escaped 2016-04-06 17:07:03 -04:00
Rob
84f2aa6167 Updated Amazon module guidelines regarding boto3
* Updated Amazon module guidelines regarding boto3

* Spelling correction
2016-04-06 09:37:52 -04:00
Aaron Brady
e2138c7e14 Add to_destination parameter 2016-04-06 11:30:59 +01:00
Andy Baker
204b4bab56 type should be 'list' not the default of 'string' 2016-04-04 14:18:00 -04:00
Evgeni Golov
6bfd2846f8 don't create world-readable archives of LXC containers
with the default umask tar will create a world-readable archive of the

container, which may contain sensitive data



Signed-off-by: Evgeni Golov <evgeni@golov.de>
2016-04-04 11:28:22 -04:00
Michael Scherer
719b9b229b Prevent password leaks in notification/irc 2016-04-04 09:31:12 -04:00
Michael Scherer
95e07d2f51 Use no_log=True for campfire module to avoid leaks 2016-04-04 09:18:34 -04:00
Michael Scherer
b5333ba08c Set no log for jabber.py password 2016-04-04 09:14:56 -04:00
Michael Scherer
5696e6c33a Do not leak passwords in case of error in cloudstack modules 2016-04-03 10:34:10 +02:00
Evgeni Golov
7c3999a92a do not use a predictable filenames in the LXC plugin
* do not use a predictable filename for the LXC attach script

* don't use predictable filenames for LXC attach script logging

* don't set a predictable archive_path



this should prevent symlink attacks which could result in

* data corruption

* data leakage

* privilege escalation
2016-04-02 01:20:42 -07:00
René Moser
f710908574 Merge pull request #1915 from mscherer/fix_cpanm
Add proper type to cpanm arguments
2016-04-02 08:48:50 +02:00
Chulki Lee
f3c168594a osx_defaults: fix datetime
Fix #1742
2016-04-01 20:45:33 -04:00
Matt Martz
154afa7dc1 Merge pull request #1943 from sivel/rebase-prs
Rebase PRs against $TRAVIS_BRANCH before performing tests
2016-04-01 14:15:12 -05:00
Matt Martz
d4c73059fe Rebase PRs against $TRAVIS_BRANCH before performing tests 2016-04-01 13:50:22 -05:00
René Moser
daddc7caf4 Merge pull request #1478 from m0/firewalld_interface
Extends firewalld module with ability to add/remove interfaces to/from zones
2016-04-01 13:35:47 +02:00
René Moser
78b6645d10 Merge pull request #1937 from Comcast/fix/iptables_dscp_docs
fix dscp marking documentation in iptables module
2016-04-01 13:30:01 +02:00
René Moser
fb3d584abd Merge pull request #1933 from evgeni/no-lxc-default.conf
do not set a default config for lxc containers
2016-04-01 13:29:04 +02:00
Evgeni Golov
185bcbd8f7 explicitly set "default: null" in the docs 2016-04-01 11:04:35 +02:00
René Moser
e94f28771b Merge pull request #1936 from retropc/devel
fix security vulnerability in lxc module
2016-04-01 07:43:23 +02:00
Matt Davis
7ce47aff79 Merge pull request #1117 from h0nIg/devel_win_owner
win_owner to change owner
2016-03-31 15:45:34 -07:00
David Hocky
031f98e86c fix dscp marking documentation in iptables module 2016-03-31 18:37:37 -04:00
René Moser
83a835925e Merge pull request #1737 from Dufgui/devel
fix #1731 : mongodb_user always says changed
2016-04-01 00:24:22 +02:00
Chris Porter
da84e2e9b8 fix security vulnerability in lxc module
octal/decimal confusion makes file world-writable before executing it
2016-03-31 22:55:44 +01:00
René Moser
8afaa69e21 Merge pull request #1935 from bob-smith/dynamodb_tableversion
restore version_added in dynamodb_table.py
2016-03-31 21:42:17 +02:00
John Barker
950e2d9484 restore version_added in dynamodb_table.py 2016-03-31 20:15:32 +01:00
René Moser
1989b8ba57 Merge pull request #1931 from mhite/bigip_pool_member_port_0
Allow port 0 as a valid pool member port
2016-03-31 19:21:22 +02:00
René Moser
3498cd2eae Merge pull request #1927 from jwitko/devel
The current module supporting F5 BIGIP pool creation does not support…
2016-03-31 10:50:35 +02:00
Brian Coca
2a09b7a582 Merge pull request #1932 from mscherer/fix_yum_repos
Use type='path' for reposdir, since that's a path
2016-03-30 13:03:41 -07:00
Michael Scherer
d9b8043b4a Use type='path' for reposdir, since that's a path 2016-03-30 21:49:58 +02:00
Matt Hite
8a27e785db Allow port 0 as a valid pool member port 2016-03-30 09:29:34 -07:00
Evgeni Golov
71b0067aa6 do not set a default config for lxc containers
otherwise deploying user-containers fail as these require information
from ~/.config/lxc/default.conf that the LXC tools will load if no
--config was supplied

Signed-off-by: Evgeni Golov <evgeni@golov.de>
2016-03-30 17:08:42 +02:00
René Moser
282221e5a0 Merge pull request #1928 from resmo/fix/build-os-user-role
openstack: doc: add return doc, fixes build
2016-03-30 13:00:19 +02:00
Rene Moser
25d7126852 openstack: doc: add return doc, fixes build 2016-03-30 12:56:20 +02:00
René Moser
ab656bb7dd Merge pull request #1866 from Jimdo/monitor_thresholds
Allow Datadog metric alerts to define multiple thresholds
2016-03-30 12:09:12 +02:00
René Moser
6c8f01dd5f Merge pull request #1911 from Shrews/os_user_role
Add OpenStack os_user_role module
2016-03-30 12:00:43 +02:00