- Added documentation about using VMware dynamic inventory plugin.
- Fixed bug around populating host_ip in hostvars in vmware_vm_inventory.
- Image reference change in Azure VMSS is detected and applied correctly.
- docker_volume - reverted changed behavior of ``force``, which was released in Ansible 2.7.1 to 2.7.5, and Ansible 2.6.8 to 2.6.11. Volumes are now only recreated if the parameters changed **and**``force`` is set to ``true`` (instead of or). This is the behavior which has been described in the documentation all the time.
- set ansible_os_family from name variable in os-release
- yum and dnf can now handle installing packages from URIs that are proxy redirects and don't end in the .rpm file extension
Bugfixes
--------
- Added log message at -vvvv when using netconf connection listing connection details.
- Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames.
- Fix mandatory statement error for junos modules (https://github.com/ansible/ansible/pull/50138)
- Moved error in netconf connection plugin from at import to on connection.
- This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. `insertafter`/`insertbefore` options are used only when a line is to be inserted, to specify where it must be added.
- allow using openstack inventory plugin w/o a cache
- callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576)
- certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates.
- copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717)
- correct behaviour of verify_file for vmware inventory plugin, it was always returning True
- dnf - fix issue where ``conf_file`` was not being loaded properly
- dnf - fix update_cache combined with install operation to not cause dnf transaction failure
- docker_container - fix ``network_mode`` idempotency if the ``container:<container-name>`` form is used (as opposed to ``container:<container-id>``) (https://github.com/ansible/ansible/issues/49794)
- docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (https://github.com/ansible/ansible/issues/49802)
- docker_swarm_service - Document ``labels`` and ``container_labels`` with correct type.
- docker_swarm_service - Document ``limit_memory`` and ``reserve_memory`` correctly on how to specify sizes.
- docker_swarm_service - Document minimal API version for ``configs`` and ``secrets``.
- docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service
- docker_swarm_service - fixing falsely reporting ``update_order`` as changed when option is not used.
- document old option that was initally missed
- ec2_instance now respects check mode https://github.com/ansible/ansible/pull/46774
- fix for network_cli - ansible_command_timeout not working as expected (#49466)
- fix handling of firewalld port if protocol is missing
- fix lastpass lookup failure on python 3 (https://github.com/ansible/ansible/issues/42062)
- flatpak - Fixed Python 2/3 compatibility
- flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal
- flatpak_remote - Fixed Python 2/3 compatibility
- gcp_compute_instance - fix crash when the instance metadata is not set
- grafana_dashboard - Fix a pair of unicode string handling issues with version checking (https://github.com/ansible/ansible/pull/49194)
- host execution order - Fix ``reverse_inventory`` not to change the order of the items before reversing on python2 and to not backtrace on python3
- icinga2_host - fixed the issue with not working ``use_proxy`` option of the module.
- influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.
- influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131)
- openssl_* - fix error when ``path`` contains a file name without path.
- openssl_csr - fix problem with idempotency of keyUsage option.
- openssl_pkcs12 - now does proper path expansion for ``ca_certificates``.
- os_security_group_rule - os_security_group_rule doesn't exit properly when secgroup doesn't exist and state=absent (https://github.com/ansible/ansible/issues/50057)
- paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)
- purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349)
- reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425)
- reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712)
- reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723)
- reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131)
- reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986)
- redfish_utils - fix reference to local variable 'systems_service'
- setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm's (https://github.com/ansible/ansible/issues/49608)
- vultr_server - fixed multiple ssh keys were not handled.
- win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077
- Fix issues with nxos_install_os module for nxapi (https://github.com/ansible/ansible/pull/48811).
- Fix lldp and cdp neighbors information (https://github.com/ansible/ansible/pull/48318)(https://github.com/ansible/ansible/pull/48087)(https://github.com/ansible/ansible/pull/49024).
- Fix nxos_interface and nxos_linkagg Idempotence issue (https://github.com/ansible/ansible/pull/46437).
- Fix traceback when updating facts and the fact cache plugin was nonfunctional
- Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)
- Fixed: Make sure that the files excluded when extracting the archive are not checked. https://github.com/ansible/ansible/pull/45122
- Fixes issue where a password parameter was not set to no_log
- Respect no_log on retry and high verbosity (CVE-2018-16876)
- aci_rest - Fix issue ignoring custom port
- acme_account, acme_account_facts - in some cases, it could happen that the modules return information on disabled accounts accidentally returned by the ACME server.
- docker_swarm - decreased minimal required API version from 1.35 to 1.25; some features require API version 1.30 though.
- docker_swarm_service: fails because of default "user: root" (https://github.com/ansible/ansible/issues/49199)
- ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different
- fix azure_rm_image module use positional parameter (https://github.com/ansible/ansible/pull/49394)
- fixes an issue with dict_merge in network utils (https://github.com/ansible/ansible/pull/49474)
- gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.
- mail - fix python 2.7 regression
- openstack - fix parameter handling when cloud provided as dict https://github.com/ansible/ansible/issues/42858
- os_user - Include domain parameter in user deletion https://github.com/ansible/ansible/issues/42901
- os_user - Include domain parameter in user lookup https://github.com/ansible/ansible/issues/42901
- ovirt_storage_connection - comparing passwords breaks idempotency in update_check (https://github.com/ansible/ansible/issues/48933)
- paramiko_ssh - improve log message to state the connection type
- reboot - use IndexError instead of TypeError in exception
- redis cache - Support version 3 of the redis python library (https://github.com/ansible/ansible/issues/49341)
- sensu_silence - Cast int for expire field to avoid call failure to sensu API.
- vmware_host_service_facts - handle exception when service package does not have package name.
- win_nssm - Switched to Argv-ToString for escaping NSSM credentials (https://github.com/ansible/ansible/issues/48728)
- zabbix_hostmacro - Added missing validate_certs logic for running module against Zabbix servers with untrused SSL certificates (https://github.com/ansible/ansible/issues/47611)
- zabbix_hostmacro - Fixed support for user macros with context (https://github.com/ansible/ansible/issues/46953)
- Document Path and Port are mutually exclusive parameters in wait_for module.
- Puppet module remove ``--ignorecache`` to allow Puppet 6 support
- dnf properly support modularity appstream installation via overloaded group modifier syntax
- proxmox_kvm - fix exception.
- win_security_policy - warn users to use win_user_right instead when editing ``Privilege Rights``
Bugfixes
--------
- Fix the issue that FTD HTTP API retries authentication-related HTTP requests.
- Fix the issue that module fails when the Swagger model does not have required fields.
- Fix the issue with comparing string-like objects.
- Fix using omit on play keywords (https://github.com/ansible/ansible/issues/48673)
- Windows - prevent sensitive content from appearing in scriptblock logging (CVE 2018-16859)
- apt_key - Disable TTY requirement in GnuPG for the module to work correctly when SSH pipelining is enabled (https://github.com/ansible/ansible/pull/48580)
- better error message when bad type in config, deal with EVNAR= more gracefully https://github.com/ansible/ansible/issues/22470
- configuration retrieval would fail on non primed plugins
- cs_template - Fixed a KeyError on state=extracted.
- docker_container - fix idempotency problems with docker-py caused by previous ``init`` idempotency fix.
- docker_container - fix interplay of docker-py version check with argument_spec validation improvements.
- docker_network - ``driver_options`` containing Python booleans would cause Docker to throw exceptions.
- ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions - https://github.com/ansible/ansible/issues/47904
- Parsing plugin filter may raise TypeError, gracefully handle this exception and let user know about the syntax error in plugin filter file.
- Scenario guide for VMware HTTP API usage.
- Update plugin filter documentation.
- fix yum and dnf autoremove input sanitization to properly warn user if invalid options passed and update documentation to match
- improve readability and fix privileges names on vmware scenario_clone_template.
- k8s - updated module documentation to mention how to avoid SSL validation errors
- yum - when checking for updates, now properly include Obsoletes (both old and new) package data in the module JSON output, fixes https://github.com/ansible/ansible/issues/39978
Bugfixes
--------
- ACME modules support `POST-as-GET <https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380>`__ and will be able to access Let's Encrypt ACME v2 endpoint after November 1st, 2019.
- Add force disruptive option nxos_instal_os module (https://github.com/ansible/ansible/pull/47694).
- Avoid misleading PyVmomi error if requests import fails in vmware module utils.
- Fix argument spec for NetApp modules that are using the old version
- Fix consistency issue in grafana_dashboard module where the module would detect absence of 'dashboard' key on dashboard create but not dashboard update.
- Fix idempotency issues when setting BIOS attributes via redfish_config module (https://github.com/ansible/ansible/pull/47462)
- Fix issue getting output from failed ios commands when ``check_rc=False``
- Fix issue with HTTP redirects with redfish_facts module (https://github.com/ansible/ansible/pull/45704)
- Fix the password lookup when run from a FIPS enabled system. FIPS forbids the use of md5 but we can use sha1 instead. https://github.com/ansible/ansible/issues/47297
- Fix trailing command in net_neighbors nxos_facts (https://github.com/ansible/ansible/pull/47548).
- Fixed an issue where ``os_router`` would attempt to recreate router, because lack of ``enabled_snat`` parameter was treated as difference, if default Neutron policy for snat is set. (https://github.com/ansible/ansible/issues/29903)
- Fixes issues with source and destination location for na_ontap_snapmirror
- Handle exception when there is no snapshot available in virtual machine or template while cloning using vmware_guest.
- Provides flexibility when retrieving redfish facts by not assuming that certains keys exist. Checks first if key exists before attempting to read from it.
- Restore timeout in set_vm_power_state operation in vmware_guest_powerstate module.
- aci_access_port_to_interface_policy_leaf_profile - Support missing policy_group
- aci_interface_policy_leaf_policy_group - Support missing aep
- aci_switch_leaf_selector - Support empty policy_group
- ansible-galaxy - support yaml extension for meta file (https://github.com/ansible/ansible/pull/46505)
- assert - add 'success_msg' to valid args (https://github.com/ansible/ansible/pull/47030)
- delegate_to - Fix issue where delegate_to was upplied via ``apply`` on an include, where a loop was present on the include
- django_manage - Changed the return type of the changed variable to bool.
- docker_container - ``init`` and ``shm_size`` are now checked for idempotency.
- docker_container - do not fail when removing a container which has ``auto_remove: yes``.
- docker_container - fix ``ipc_mode`` and ``pid_mode`` idempotency if the ``host:<container-name>`` form is used (as opposed to ``host:<container-id>``).
- docker_container - fix ``paused`` option (which never worked).
- docker_container - fixing race condition when ``detach`` and ``auto_remove`` are both ``true``.
- docker_container - refactored minimal docker-py/API version handling, and fixing such handling of some options.
- docker_container - some docker versions require containers to be unpaused before stopping or removing. Adds check to do this when docker returns a corresponding error on stopping or removing.
- docker_swarm - making ``advertise_addr`` optional, as it was already documented.
- docker_swarm_service - The ``publish``.``mode`` parameter was being ignored if docker-py version was < 3.0.0. Added a parameter validation test.
- docker_volume - ``labels`` now work (and are a ``dict`` and no longer a ``list``).
- ec2_instance: - Fixed issue where ebs_optimized was considered sub-option of the network parameter. (https://github.com/ansible/ansible/issues/48159)
- fix mail notification module when using starttls and py3.7
- ini_file: Options within no sections aren't included, deleted or modified. These are just unmanged. This pull request solves this. (see https://github.com/ansible/ansible/pull/44324)
- ldap_attr map to list (https://github.com/ansible/ansible/pull/48009)
- lvg - fixed an idempotency regression in the lvg module (https://github.com/ansible/ansible/issues/47301)
- net_put - fix when net_put module leaves temp files in some network OS cases e.g. routerOS
- dnf properly honor disable_gpg_check for local (on local disk of remote node) package installation
- fix yum module to handle list argument optional empty strings properly
- netconf_config - Make default_operation optional in netconf_config module (https://github.com/ansible/ansible/pull/46333)
- win_nssm - Drop support of literal YAML dictionnary for ``app_parameters`` option. Use the ``key=value;`` string form instead
- yum - properly handle proxy password and username embedded in url
- yum/dnf - fail when space separated string of names (https://github.com/ansible/ansible/pull/47109)
Bugfixes
--------
- Ansible JSON Decoder - Switch from decode to object_hook to support nested use of __ansible_vault and __ansible_unsafe (https://github.com/ansible/ansible/pull/45514)
- Don't parse parameters and options when ``state`` is ``absent`` (https://github.com/ansible/ansible/pull/45700).
- FieldAttribute - Do not use mutable defaults, instead allow supplying a callable for defaults of mutable types (https://github.com/ansible/ansible/issues/46824)
- Fix an issue with the default telnet prompt handling. The value needs to be escaped otherwise it does not work when converted to bytes.
- Fix calling deprecate with correct arguments (https://github.com/ansible/ansible/pull/46062).
- Fix iterator to list conversion in ldap_entry module.
- Fix pip module so that it can recognize multiple extras
- Fix prompt mismatch issue for ios (https://github.com/ansible/ansible/issues/47004)
- Fix the issue with refreshing the token by storing Authorization header inside HttpApi connection plugin.
- Fix the quoting of vhost and other names in rabbitmq_binding
- Fix the win_reboot plugin so that the post_reboot_delay parameter is honored
- Fixed an issue with ansible-doc -l failing when parsing some plugin documentation.
- Fixed: Appropriate code to expand value was missing so assigning SSL certificate is not working as described in the documentation. https://github.com/ansible/ansible/pull/45830
- Fixes an error that occurs when attempting to see if the netns already exists on the remote device. This change will now execute ``ip netns list`` and check if the desired namespace is in the output.
- Give user better error messages and more information on verbose about inventory plugin behaviour
- Hardware fact gathering now completes on Solaris 8. Previously, it aborted with error `Argument 'args' to run_command must be list or string`.
- Ignore empty result of rabbitmqctl list_user_permissions.
- In systemd module, allow scope to default to 'system'
- In systemd module, fix check if a systemd+initd service is enabled - disabled in systemd means disabled
- Only access EC2 volume tags when set
- Only delete host key from redis in-memory cache if present.
- PLUGIN_FILTERS_CFG - Ensure that the value is treated as type=path, and that we use the standard section of ``defaults`` instead of ``default`` (https://github.com/ansible/ansible/pull/45994)
- Refactor virtual machine disk logic.
- Restore SIGPIPE to SIG_DFL when creating subprocesses to avoid it being ignored under Python 2.
- Rewrite get_resource_pool method for correct resource_pool selection.
- The docker_* modules more uniformly check versions of docker-py/docker and (if necessary) the docker API.
- Update callbacks to use Ansible's JSON encoder to avoid known serialization issues
- Update the signatures of many cliconf plugins' get() methods to support the check_all paramter. Specifically, aireos, aruba, asa, ce, cnos, dellos6, dellos9, dellos10, edgeos, enos, exos, ironware, nos, onyx, routeros, slxos, and voss were updated. This fixes the cli_command module for these platforms
- Vultr - fix for unreliable API behaviors resulting in timeouts (https://github.com/ansible/ansible/pull/45712/).
- ansible-connection - Clean up socket files if playbook aborted before connection is started.
- ansible-doc, removed local hardcoded listing, now uses the 'central' list from constants and other minor issues
- aws_ec2 - fixed issue where cache did not contain the computed groups
- aws_ssm_parameter_store - AWS Systems Manager Parameter Store may reach an internal limit before finding the expected parameter, causing misleading results. This is resolved by paginating the describe_parameters call.
- azure_rm_deployment - fixed regression that prevents resource group from being created (https://github.com/ansible/ansible/issues/45941)
- blockinfile - use bytes rather than a native string to prevent a stacktrace in Python 3 when writing to the file (https://github.com/ansible/ansible/issues/46237)
- chroot connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- cs_instance - Fix docs and typo in examples (https://github.com/ansible/ansible/pull/46035).
- cs_instance - Fix host migration without volume (https://github.com/ansible/ansible/pull/46115).
- delegate_to - When templating ``delegate_to`` in a loop, don't use the task for a cache, return a special cache through ``get_vars`` allowing looping over a hostvar (https://github.com/ansible/ansible/issues/47207)
- docker connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- docker_container - Fix idempotency problems with ``cap_drop`` and ``groups`` (when numeric group IDs were used).
- docker_container - Fix type conversion errors for ``log_options``.
- docker_container - Fixing various comparison/idempotency problems related to wrong comparisons. In particular, comparisons for ``command`` and ``entrypoint`` (both lists) no longer ignore missing elements during idempotency checks.
- docker_container - Makes ``blkio_weight``, ``cpuset_mems``, ``dns_opts`` and ``uts`` options actually work.
- docker_container - ``publish_ports: all`` was not used correctly when checking idempotency.
- docker_container - fail if ``ipv4_address`` or ``ipv6_address`` is used with a too old docker-py version.
- docker_container - fix behavior of ``detach: yes`` if ``auto_remove: yes`` is specified.
- docker_container - fix idempotency check for published_ports in some special cases.
- docker_container - the behavior is improved in case ``image`` is not specified, but needed for (re-)creating the container.
- docker_network - fixes idempotency issues (https://github.com/ansible/ansible/issues/33045) and name substring issue (https://github.com/ansible/ansible/issues/32926).
- docker_service - correctly parse string values for the `scale` parameter https://github.com/ansible/ansible/pull/45508
- docker_volume - fix ``force`` and change detection logic. If not both evaluated to ``True``, the volume was not recreated.
- dynamic includes - Use the copied and merged task for calculating task vars in the free strategy (https://github.com/ansible/ansible/issues/47024)
- ec2_group - There can be multiple security groups with the same name in different VPCs. Prior to 2.6 if a target group name was provided, the group matching the name and VPC had highest precedence. Restore this behavior by updated the dictionary with the groups matching the VPC last.
- ec2_group - support EC2-Classic by not assuming security groups have VPCs.
- ec2_metadata_facts - Parse IAM role name from metadata ARN instead of security credential field.
- fetch_url did not always return lower-case header names in case of HTTP errors (https://github.com/ansible/ansible/pull/45628).
- fix azure_rm_autoscale module can create a schedule with fixed start/end date (https://github.com/ansible/ansible/pull/47186)
- fix flatten to properly handle multiple lists in lists https://github.com/ansible/ansible/issues/46343
- get_url - improve code that parses checksums from a file so it is not fragile and reports a helpful error when no matching checksum is found
- handlers - fix crash when handler task include tasks
- jail connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- nmcli - fix syntax of vlan modification command (https://github.com/ansible/ansible/issues/42322)
- nxos_file_copy fix for binary files (https://github.com/ansible/ansible/pull/46822).
- openssl_csr - fix byte encoding issue on Python 3
- openssl_pkcs12 - fix byte encoding issue on Python 3
- os_router - ``enable_snat: no`` was ignored.
- ovirt_host_network - check for empty user_opts (https://github.com/ansible/ansible/pull/47283).
- ovirt_vm - Check next_run configuration update if exist (https://github.com/ansible/ansible/pull/47282/).
- ovirt_vm - Fix initialization of cloud init (https://github.com/ansible/ansible/pull/47354).
- ovirt_vm - Fix issue in SSO option (https://github.com/ansible/ansible/pull/47312).
- ovirt_vm - Fix issue in setting the custom_compatibility_version to NULL (https://github.com/ansible/ansible/pull/47388).
- pamd: add delete=False to NamedTemporaryFile() fixes OSError on module completion, and removes print statement from module code. (see https://github.com/ansible/ansible/pull/47281 and https://github.com/ansible/ansible/issues/47080)
- pamd: use module.tmpdir for NamedTemporaryFile() (see https://github.com/ansible/ansible/pull/47133 and https://github.com/ansible/ansible/issues/36954)
- postgresql_user - create pretty error message when creating a user without an encrypted password on newer PostgreSQL versions
- psrp - Fix issue when dealing with unicode values in the output for Python 2
- reboot - add reboot_timeout parameter to the list of parameters so it can be used.
- reboot - add support for OpenBSD
- reboot - use correct syntax for fetching a value from a dict and account for bare Linux systems (https://github.com/ansible/ansible/pull/45607#issuecomment-422403177)
- reboot - use unicode instead of bytes for stdout and stderr to match the type returned from low_level_execute()
- roles - Ensure that we don't overwrite roles that have been registered (from imports) while parsing roles under the roles header (https://github.com/ansible/ansible/issues/47454)
- route53 - fix CAA record ordering for idempotency.
- ssh connection - Support empty files with piped transfer_method (https://github.com/ansible/ansible/issues/45426)
- templar - Do not strip new lines in native jinja - https://github.com/ansible/ansible/issues/46743
- unsafe - Add special casing to sets, to support wrapping elements of sets correctly in Python 3 (https://github.com/ansible/ansible/issues/47372)
- use proper module_util to get Ansible version for Azure requests
- user - add documentation on what underlying tools are used on each platform (https://github.com/ansible/ansible/issues/44266)
- user module - do not pass ssh_key_passphrase on cmdline (CVE-2018-16837)
- vmware - honor "wait_for_ip_address" when powering on a VM
- vultr_server - fix diff for user data (https://github.com/ansible/ansible/pull/45753/).
- vyos_facts - fix vyos_facts not returning version number issue (https://github.com/ansible/ansible/pull/39115)
- win_copy - Fix issue where the dest return value would be enclosed in single quote when dest is a folder - https://github.com/ansible/ansible/issues/45281
- win_nssm - Add missing space between parameters with ``app_parameters``
- win_nssm - Correctly escape argument line when a parameter contains spaces, quotes or backslashes
- win_nssm - Fix error when several services were given to the ``dependencies`` option
- win_nssm - Fix extra space added in argument line with ``app_parameters`` or ``app_parameters_free_form`` when a parameter start by a dash and is followed by a period (https://github.com/ansible/ansible/issues/44079)
- win_nssm - Fix service not started when ``state=started`` (https://github.com/ansible/ansible/issues/35442)
- win_nssm - Fix several issues and idempotency problems (https://github.com/ansible/ansible/pull/44755)
- winrm - Only use pexpect for auto kerb auth if it is installed and contains the required kwargs - https://github.com/ansible/ansible/issues/43462
- zabbix_host - module was failing when zabbix host was updated with new interface and template depending on that interface at the same time
- zone connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- Allow config to enable native jinja types (https://github.com/ansible/ansible/pull/32738)
- Extends `module_defaults` by adding a prefix to defaults `group/` which denotes a builtin or user-specified list of modules, such as `group/aws` or `group/gcp`
- New keyword `ignore_unreachable` for plays and blocks. Allows ignoring tasks that fail due to unreachable hosts, and check results with `is unreachable` test.
- New yumdnf module defines the shared argument specification for both yum and dnf modules and provides an entry point to share code when applicable
- Remove support for simplejson (https://github.com/ansible/ansible/issues/42761)
- Support for running an Ansible controller with Python-2.6 has been dropped. You can still manage machines which use Python-2.6 but you will have to manage them from a machine which has Python-2.7 or Python-3.5 or greater installed. See the `porting guide <https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.7.html>`_ if you need more information.
- new yum action plugin enables the yum module to work with both yum3 and dnf-based yum4 by detecting the backend package manager and routing commands through the correct Ansible module for that python API
- Add `is_boto3_error_code` function to `module_utils/aws/core.py` to make it easier for modules to handle special AWS error codes.
- Add use_backend to yum module/action plugin
- Added PrivilegeUtil PowerShell module util to easily control Windows Privileges in a process
- Added capability to skip ssl verification on zabbix host with dynamic inventory
- Added inventory.any_unparsed_is_failed configuration setting. In an inventory with a static hosts file and (say) ec2.py, enabling this setting will cause a failure instead of a warning if ec2.py fails.
- Added new filter to generate random MAC addresses from a given string acting as a prefix. Refer to the appropriate entry which has been added to user_guide playbook_filters.rst document.
- Added the from_yaml_all filter to parse multi-document yaml strings. Refer to the appropriate entry which as been added to user_guide playbooks_filters.rst document.
- Ansible-2.7 changes the Ansiballz strategy for running modules remotely so that invoking a module only needs to invoke python once per module on the remote machine instead of twice.
- Better error handling for depsolve and transaction errors in DNF
- Changed the prefix of all Vultr modules from vr to vultr (https://github.com/ansible/ansible/issues/42942).
- Enable installroot tests for yum4(dnf) integration testing, dnf backend now supports that
- Explicit encoding for the output of the template module, to be able to generate non-utf8 files from a utf-8 template. (https://github.com/ansible/proposals/issues/121)
- File locking feature added, making it possible to gain exclusive access to given file through module_utils.common.file.FileLock (https://github.com/ansible/ansible/issues/29962)
- Fix dnf handling of autoremove to be compatible with yum
- In Ansible-2.4 and above, Ansible passes the temporary directory a module should use to the module. This is done via a module parameter (_ansible_tmpdir). An earlier version of this which was also prototyped in Ansible-2.4 development used an environment variable, ANSIBLE_REMOTE_TMP to pass this information to the module instead. When we switched to using a module parameter, the environment variable was left in by mistake. Ansible-2.7 removes that variable. Any third party modules which relied on it should use the module parameter instead.
- New config options `display_ok_hosts` and `display_failed_stderr` (along with the existing `display_skipped_hosts` option) allow more fine-grained control over the way that ansible displays output from a playbook (https://github.com/ansible/ansible/pull/41058)
- Removed an unnecessary import from the AnsiballZ wrapper
- Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.
- Setting file attributes (via the file module amongst others) now accepts + and - modifiers to add or remove individual attributes. (https://github.com/ansible/ansible/issues/33838)
- Switch from zip to bc for certain package install/remove test cases in yum integration tests. The dnf depsolver downgrades python when you uninstall zip which alters the test environment and we have no control over that.
- The acme_account and acme_certificate modules now support two backends: the Python cryptograpy module or the OpenSSL binary. By default, the modules detect if a new enough cryptography module is available and use it, with the OpenSSL binary being a fallback. If the detection fails for some reason, the OpenSSL binary backend can be explicitly selected by setting select_crypto_backend to openssl.
- The apt, ec2_elb_lb, elb_classic_lb, and unarchive modules have been ported away from using __file__. This is futureproofing as__file__ won't work if we switch to using python -m to invoke modules in the future or if we figure out a way to make a module never touch disk for pipelining purposes.
- The password_hash filter supports all parameters of passlib. This allows users to provide a rounds parameter. (https://github.com/ansible/ansible/issues/15326)
- dnf - group removal does not work if group was installed with Ansible because of dnf upstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1620324
- ec2_group - Add diff mode support with and without check mode. This feature is preview and may change when a common framework is adopted for AWS modules.
- elasticsearch_plugin - Add the possibility to use the elasticsearch_plugin installation batch mode to install plugins with advanced privileges without user interaction.
- gather_subset - removed deprecated functionality for using comma separated list with gather_subset (https://github.com/ansible/ansible/pull/44320)
- get_url - implement [expend checksum format to <algorithm>:(<checksum>|<url>)] (https://github.com/ansible/ansible/issues/27617)
- roles - removed deprecated functionality for non YAML role specs (https://github.com/ansible/ansible/pull/44320)
- roles - removed deprecated special casing functionality of connection, port, and remote_user for role params (https://github.com/ansible/ansible/pull/44320)
- service - removed deprecated state=running (https://github.com/ansible/ansible/pull/44320)
- shell module - Add support for check mode when passing creates or removes arguments. (https://github.com/ansible/ansible/pull/40428)
- sns_topic - Port sns_topic module to boto3 and add an integration test suite.
- ssh - reset connection will show a warning instead of failing for older OpenSSH versions
- to_nice_json - specify separators to json.dumps to normalize the output between python2 and python3 (https://github.com/ansible/ansible/pull/42633)
- user - backup shadow file on platforms where the module modifies it directly (https://github.com/ansible/ansible/issues/40696)
- user module - add a sanity check for the user's password and a more helpful warning message (https://github.com/ansible/ansible/pull/43615)
- win_disk_image - return a list of mount paths with the return value ``mount_paths``, this will always be a list and contain all mount points in an image
- win_psexec - Added the ``session`` option to specify a session to start the process in
- winrm - change the _reset() method to use reset() that is part of ConnectionBase
Deprecated Features
-------------------
- Modules will no longer be able to rely on the __file__ attribute pointing to a real file. If your third party module is using __file__ for something it should be changed before 2.8. See the 2.7 porting guide for more information.
- The `skippy`, `full_skip`, `actionable`, and `stderr` callback plugins have been deprecated in favor of config options that influence the behavior of the `default` callback plugin (https://github.com/ansible/ansible/pull/41058)
- The configuration toggle, ``merge_multiple_cli_tags``, has been removed. This setting controlled whether specifying ``--tags`` or ``--skip-tags`` multiple times on the commandline would merge the specified tags or use the old behaviour of overwriting the previous entry. The overwriting behaviour was deprecated in 2.3 and the default value of the config option became merge in 2.4.
-**Security Fix** - Some connection exceptions would cause no_log specified on a task to be ignored. If this happened, the task information, including any private information could have been displayed to stdout and (if enabled, not the default) logged to a log file specified in ansible.cfg's log_path. Additionally, sites which redirected stdout from ansible runs to a log file may have stored that private information onto disk that way as well. (https://github.com/ansible/ansible/pull/41414)
-**Security Fix** - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
-**Security Fix** - avoid using ansible.cfg in a world writable dir.
- Additional checks ensure that there is always a result of hashing passwords in the password_hash filter and vars_prompt, otherwise an error is returned. Some modules (like user module) interprets None as no password at all, which can be dangerous if the password given above is passed directly into those modules.
- Avoids deprecated functionality of passlib with newer library versions.
- Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account (https://github.com/ansible/ansible/pull/41164)
- Fix alt linux detection/matching
- Fix an atomic_move error that is 'true', but misleading. Now we show all 3 files involved and clarify what happened.
- Fix ec2_group support for multi-account and peered VPC security groups. Reported in https://github.com/ansible/ansible/issue/44788 and fixed in https://github.com/ansible/ansible/pull/45296
- Fix ecs_taskdefinition handling of changed role_arn. If the task role in a ECS task definition changes ansible should create a new revsion of the task definition. https://github.com/ansible/ansible/pull/45317
- Fix health check parameter handling in elb_target_group per https://github.com/ansible/ansible/issues/43244 about health_check_port. Fixed in https://github.com/ansible/ansible/pull/45314
- Fix lambda_policy updates when principal is an account number. Backport of https://github.com/ansible/ansible/pull/44871
- Fix the mount module's handling of swap entries in fstab (https://github.com/ansible/ansible/pull/42837)
- Fixed an issue where ``ansible_facts.pkg_mgr`` would incorrectly set to ``zypper`` on Debian/Ubuntu systems that happened to have the command installed.
- Fixed runtime module to be able to handle syslog_facility properly when python systemd module installed in a target system. (https://github.com/ansible/ansible/pull/41078)
- Grafana dashboard module compatible with grafana 5 (https://github.com/ansible/ansible/pull/41249)
- On Python2, loading config values from environment variables could lead to a traceback if there were nonascii characters present. Converted them to text strings so that no traceback will occur (https://github.com/ansible/ansible/pull/43468)
- The fix for `CVE-2018-10875 <https://access.redhat.com/security/cve/cve-2018-10875>`__ prints out a warning message about skipping a config file from a world writable current working directory. However, if the user explicitly specifies that the config file should be used via the ANSIBLE_CONFIG environment variable then Ansible would honor that but still print out the warning message. This has been fixed so that Ansible honors the user's explicit wishes and does not print a warning message in that circumstance.
- The fix for `CVE-2018-10875 <https://access.redhat.com/security/cve/cve-2018-10875>`__ prints out a warning message about skipping a config file from a world writable current working directory. However, if the user is in a world writable current working directory which does not contain a config file, it should not print a warning message. This release fixes that extaneous warning.
- The ssh connection plugin was categorizing all 255 exit statuses as an ssh error but modules can return exit code 255 as well. The connection plugin has now been changed to know that certain instances of exit code 255 are not ssh-related. (https://github.com/ansible/ansible/pull/41716)
- allow custom endpoints to be used in the aws_s3 module (https://github.com/ansible/ansible/pull/36832)
- allow gathering env exception to work even when injection is off
- always correctly template no log for tasks https://github.com/ansible/ansible/issues/43294
- ansible-galaxy - properly list all roles in roles_path (https://github.com/ansible/ansible/issues/43010)
- authorized_key now have an option for following symlinks, default behaviour (False) can be changed by setting follow True/False
- basic.py - catch ValueError in case a FIPS enabled platform raises this exception - https://github.com/ansible/ansible/issues/44447
- become runas - changed runas process so it does not create a temporary file on the disk during execution
- cloudfront_distribution - replace call to nonexistent method 'validate_distribution_id_from_caller_reference' with 'validate_distribution_from_caller_reference' and set the distribution_id variable to the distribution's 'Id' key.
- corrected and clarified 'user' option deprecation in systemd module in favor of 'scope' option.
- delegate_to - ensure if we get a non-Task object in _get_delegated_vars, we return early (https://github.com/ansible/ansible/pull/44934)
- docker_container: fixing ``working_dir`` idempotency problem (https://github.com/ansible/ansible/pull/42857)
- docker_container: makes unit parsing for memory sizes more consistent, and fixes idempotency problem when ``kernel_memory`` is set (see https://github.com/ansible/ansible/pull/16748 and https://github.com/ansible/ansible/issues/42692)
- ec2_group - Sanitize the ingress and egress rules before operating on them by flattening any lists within lists describing the target CIDR(s) into a list of strings. Prior to Ansible 2.6 the ec2_group module accepted a list of strings, a list of lists, or a combination of strings and lists within a list. https://github.com/ansible/ansible/pull/45594
- ec2_vpc_route_table - check the origin before replacing routes. Routes with the origin 'EnableVgwRoutePropagation' may not be replaced.
- elasticsearch_plugin - Improve error messages and show stderr of elasticsearch commands
- elb_application_lb - Fix a dangerous behavior of deleting an ELB if state was omitted from the task. Now state defaults to 'present', which is typical throughout AWS modules.
- file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. This is now fixed (https://github.com/ansible/ansible/issues/42111)
- file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. This is now fixed (https://github.com/ansible/ansible/issues/41755)
- fix async for the aws_s3 module by adding async support to the action plugin (https://github.com/ansible/ansible/pull/40826)
- fix decrypting vault files for the aws_s3 module (https://github.com/ansible/ansible/pull/39634)
- fix default SSL version for docker modules https://github.com/ansible/ansible/issues/42897
- fix for the bundled selectors module (used in the ssh and local connection plugins) when a syscall is restarted after being interrupted by a signal (https://github.com/ansible/ansible/issues/41630)
- fix mail module for python 3.7.0 (https://github.com/ansible/ansible/pull/44552)
- fix the enable_snat parameter that is only supposed to be used by an user with the right policies. https://github.com/ansible/ansible/pull/44418
- fix the remote tmp folder permissions issue when becoming a non admin user - https://github.com/ansible/ansible/issues/41340, https://github.com/ansible/ansible/issues/42117
- flatten filter - use better method of type checking allowing flattening of mutable and non-mutable sequences (https://github.com/ansible/ansible/pull/44331)
- gce_net - Fix sorting of allowed ports (https://github.com/ansible/ansible/pull/41567)
- include - Change order of where the new block is inserted with apply so that apply args are not applied to the include also (https://github.com/ansible/ansible/pull/44912)
- includes - ensure we do not double register handlers from includes to prevent exception (https://github.com/ansible/ansible/issues/44848)
- loop - Ensure that a loop with a when condition that evaluates to false and delegate_to, will short circuit if the loop references an undefined variable. This matches the behavior in the same scenario without delegate_to (https://github.com/ansible/ansible/issues/45189)
- loop - Ensure we only cache the loop when the task had a loop and delegate_to was templated (https://github.com/ansible/ansible/issues/44874)
- urls - Only assume GET method if data is empty, otherwise POST
- user - Strip trailing comments in /etc/default/passwd (https://github.com/ansible/ansible/pull/43931)
- user - fix bug that resulted in module always reporting a change when specifiying the home directory on FreeBSD (https://github.com/ansible/ansible/issues/42484)
- user - use correct attribute name in FreeBSD for creat_home (https://github.com/ansible/ansible/pull/42711)
- vars_prompt - properly template play level variables in vars_prompt (https://github.com/ansible/ansible/issues/37984)
- vars_prompt with encrypt does not require passlib for the algorithms supported by crypt.
- vault - fix error message encoding, and ensure we present a friendlier error when the EDITOR is missing (https://github.com/ansible/ansible/pull/44423)
- win_chocolatey - enable TLSv1.2 support when downloading the Chocolatey installer https://github.com/ansible/ansible/issues/41906
- win_chocolatey - fix issue where state=downgrade would upgrade a package if no version was set
- win_domain - ensure the Netlogon service is up and running after promoting host to controller - https://github.com/ansible/ansible/issues/39235
- win_domain - fixes typo in one of the AD cmdlets https://github.com/ansible/ansible/issues/41536
- win_domain_computer - fixed deletion of computer active directory object that have dependent objects (https://github.com/ansible/ansible/pull/44500)
- win_domain_controller - ensure the Netlogon service is up and running after promoting host to controller - https://github.com/ansible/ansible/issues/39235
- win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874
- win_lineinfile - changed `-Path` to `-LiteralPath` so that square brackes in the path are interpreted literally - https://github.com/ansible/ansible/issues/44508
- winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865
- winrm - running async with become on a Server 2008 or 2008 R2 host will now work
New Plugins
-----------
Callback
~~~~~~~~
- counter_enabled - adds counters to the output items (tasks and hosts/task)
- logdna - Sends playbook logs to LogDNA
- splunk - Sends task result events to Splunk HTTP Event Collector
Connection
~~~~~~~~~~
- psrp - Run tasks over Microsoft PowerShell Remoting Protocol
Inventory
~~~~~~~~~
- tower - Ansible dynamic inventory plugin for Ansible Tower.