- allow set_options to be called multiple times https://github.com/ansible/ansible/pull/41913
- group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860)
- lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219)
- password lookup - Do not load password lookup in network filters, allowing the password lookup to be overriden (https://github.com/ansible/ansible/pull/41907)
- win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874
- Raise AnsibleParserError which was missing previously
Bugfixes
--------
- Changed the output to "text" for "show vrf" command as default "json" output format with respect to "eapi" transport was failing (https://github.com/ansible/ansible/pull/41470)
- added missing 'raise' to exception definition https://github.com/ansible/ansible/pull/41690
- correct debug display for all cases https://github.com/ansible/ansible/pull/41331
- correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819
- correctly handle yaml inventory files when entries are null dicts https://github.com/ansible/ansible/issues/41692
- file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. This is now fixed (https://github.com/ansible/ansible/issues/41755)
- fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
- fixed config required handling, specifically for _terms in lookups https://github.com/ansible/ansible/pull/41740
- win_updates - Fixed issue where running win_updates on async fails without any error
- winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865
- **Security Fix** - Some connection exceptions would cause no_log specified on a task to be ignored. If this happened, the task information, including any private information could have been displayed to stdout and (if enabled, not the default) logged to a log file specified in ansible.cfg's log_path. Additionally, sites which redirected stdout from ansible runs to a log file may have stored that private information onto disk that way as well. (https://github.com/ansible/ansible/pull/41414)
- Fix added for Digital Ocean Volumes API change causing Ansible to recieve an unexpected value in the response. (https://github.com/ansible/ansible/pull/41431)
- Fix iosxr_config module to handle route-policy, community-set, prefix-set, as-path-set and rd-set blocks. All these blocks are part of route-policy language of iosxr.
- gce_net - Fix sorting of allowed ports (https://github.com/ansible/ansible/pull/41567)
- uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520
- Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account (https://github.com/ansible/ansible/pull/41164)
- allow custom endpoints to be used in the aws_s3 module (https://github.com/ansible/ansible/pull/36832)
- ansible-doc - fixed traceback on missing plugins (https://github.com/ansible/ansible/pull/41167)
- cast the device_mapping volume size to an int in the ec2_ami module (https://github.com/ansible/ansible/pull/40938)
- fix BotoCoreError exception handling
- fix async for the aws_s3 module by adding async support to the action plugin (https://github.com/ansible/ansible/pull/40826)
- fix decrypting vault files for the aws_s3 module (https://github.com/ansible/ansible/pull/39634)
- fix errors with S3-compatible APIs if they cannot use ACLs for buckets or objects
- fix permission handling to try to download a file even if the user does not have permission to list all objects in the bucket
- removed the deprecated always_run task option, please use `check_mode: no` instead
Bugfixes
--------
- powershell - use the tmpdir set by `remote_tmp` for become/async tasks instead of the generic $env:TEMP - https://github.com/ansible/ansible/pull/40210
- selinux - correct check mode behavior to report same changes as normal mode (https://github.com/ansible/ansible/pull/40721)
- synchronize - Ensure the local connection created by synchronize uses _remote_is_local=True, which causes ActionBase to build a local tmpdir (https://github.com/ansible/ansible/pull/40833)
- win_updates - Added the ability to run on a scheduled task for older hosts so async starts working again - https://github.com/ansible/ansible/issues/38364
- winrm - Add better error handling when the kinit process fails
- xenserver_facts - ensure module works with newer versions of XenServer (https://github.com/ansible/ansible/pull/35821)
New Plugins
-----------
Inventory
~~~~~~~~~
- gcp_compute - Google Cloud Compute Engine inventory source
- Added an ``encoding`` option to the ``b64encode`` and ``b64decode`` filters to specify the encoding of the string that is base64 encoded.
- Added an ``encoding`` option to the ``b64encode`` and ``b64decode`` filters to specify the encoding of the string that is base64 encoded.
- PowerShell modules that use Convert-ToSID in Ansible.ModuleUtils.SID.psm1 like win_user_right now accept an actual SID as an input string. This means any local or domain accounts that are named like a SID need to be prefixed with the domain, hostname, or . to ensure it converts to that accounts SID https://github.com/ansible/ansible/issues/38502
- PowerShell modules that use Convert-ToSID in Ansible.ModuleUtils.SID.psm1 like win_user_right now accept an actual SID as an input string. This means any local or domain accounts that are named like a SID need to be prefixed with the domain, hostname, or . to ensure it converts to that accounts SID https://github.com/ansible/ansible/issues/38502
- Raise AnsibleParserError which was missing previously
- The aws_ses_identity module supports check mode
- `postgresql_user` module changed `encrypted=yes` to be the default. This shouldn't break any current playbooks, the module will just store passwords hashed by default. This change was done because Postgres 10 dropped support for `UNENCRYPTED` passwords and because all versions since Postgres 7.2 support storing encrypted passwords.
- `postgresql_user` module changed `encrypted=yes` to be the default. This shouldn't break any current playbooks, the module will just store passwords hashed by default. This change was done because Postgres 10 dropped support for `UNENCRYPTED` passwords and because all versions since Postgres 7.2 support storing encrypted passwords.
- azure_rm_loadbalancer - add support for sku
- azure_rm_loadbalancer - add support for sku
- azure_rm_publicipaddress - add support for sku
- azure_rm_publicipaddress - add support for sku
@ -320,6 +37,7 @@ Deprecated Features
Removed Features (previously deprecated)
Removed Features (previously deprecated)
----------------------------------------
----------------------------------------
- removed the deprecated always_run task option, please use `check_mode: no` instead
- win_iis_webapppool - removed the ability to supply attributes as a string in favour of a dictionary
- win_iis_webapppool - removed the ability to supply attributes as a string in favour of a dictionary
@ -329,15 +47,28 @@ Removed Features (previously deprecated)
Bugfixes
Bugfixes
--------
--------
- **Security Fix** - Some connection exceptions would cause no_log specified on a task to be ignored. If this happened, the task information, including any private information could have been displayed to stdout and (if enabled, not the default) logged to a log file specified in ansible.cfg's log_path. Additionally, sites which redirected stdout from ansible runs to a log file may have stored that private information onto disk that way as well. (https://github.com/ansible/ansible/pull/41414)
- Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account (https://github.com/ansible/ansible/pull/41164)
- Changed the output to "text" for "show vrf" command as default "json" output format with respect to "eapi" transport was failing (https://github.com/ansible/ansible/pull/41470)
- Document mode=preserve for both the copy and template module
- Document mode=preserve for both the copy and template module
- Fix added for Digital Ocean Volumes API change causing Ansible to recieve an unexpected value in the response. (https://github.com/ansible/ansible/pull/41431)
- Fix an encoding issue when parsing the examples from a plugins' documentation
- Fix an encoding issue when parsing the examples from a plugins' documentation
- Fix iosxr_config module to handle route-policy, community-set, prefix-set, as-path-set and rd-set blocks. All these blocks are part of route-policy language of iosxr.
- Fix mode=preserve with remote_src=True for the copy module
- Fix mode=preserve with remote_src=True for the copy module
- Implement mode=preserve for the template module
- Implement mode=preserve for the template module
- The yaml callback plugin now allows non-ascii characters to be displayed.
- The yaml callback plugin now allows non-ascii characters to be displayed.
- Various grafana_* modules - Port away from the deprecated b64encodestring function to the b64encode function instead. https://github.com/ansible/ansible/pull/38388
- Various grafana_* modules - Port away from the deprecated b64encodestring function to the b64encode function instead. https://github.com/ansible/ansible/pull/38388
- added missing 'raise' to exception definition https://github.com/ansible/ansible/pull/41690
- allow custom endpoints to be used in the aws_s3 module (https://github.com/ansible/ansible/pull/36832)
- allow set_options to be called multiple times https://github.com/ansible/ansible/pull/41913
- ansible-doc - fixed traceback on missing plugins (https://github.com/ansible/ansible/pull/41167)
- cast the device_mapping volume size to an int in the ec2_ami module (https://github.com/ansible/ansible/pull/40938)
- copy - fixed copy to only follow symlinks for files in the non-recursive case
- copy - fixed copy to only follow symlinks for files in the non-recursive case
- copy module - The copy module was attempting to change the mode of files for remote_src=True even if mode was not set as a parameter. This failed on filesystems which do not have permission bits (https://github.com/ansible/ansible/pull/40099)
- copy module - The copy module was attempting to change the mode of files for remote_src=True even if mode was not set as a parameter. This failed on filesystems which do not have permission bits (https://github.com/ansible/ansible/pull/40099)
- correct debug display for all cases https://github.com/ansible/ansible/pull/41331
- correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819
- correctly handle yaml inventory files when entries are null dicts https://github.com/ansible/ansible/issues/41692
- dynamic includes - Allow inheriting attributes from static parents (https://github.com/ansible/ansible/pull/38827)
- dynamic includes - Allow inheriting attributes from static parents (https://github.com/ansible/ansible/pull/38827)
- dynamic includes - Don't treat undefined vars for conditional includes as truthy (https://github.com/ansible/ansible/pull/39377)
- dynamic includes - Don't treat undefined vars for conditional includes as truthy (https://github.com/ansible/ansible/pull/39377)
- dynamic includes - Fix IncludedFile comparison for free strategy (https://github.com/ansible/ansible/pull/37083)
- dynamic includes - Fix IncludedFile comparison for free strategy (https://github.com/ansible/ansible/pull/37083)
@ -348,26 +79,48 @@ Bugfixes
- file module - Fix error when recursively assigning permissions and a symlink to a nonexistent file is present in the directory tree (https://github.com/ansible/ansible/issues/39456)
- file module - Fix error when recursively assigning permissions and a symlink to a nonexistent file is present in the directory tree (https://github.com/ansible/ansible/issues/39456)
- file module - Fix error when running a task which assures a symlink to a nonexistent file exists for the second and subsequent times (https://github.com/ansible/ansible/issues/39558)
- file module - Fix error when running a task which assures a symlink to a nonexistent file exists for the second and subsequent times (https://github.com/ansible/ansible/issues/39558)
- file module - The file module allowed the user to specify src as a parameter when state was not link or hard. This is documented as only applying to state=link or state=hard but in previous Ansible, this could have an effect in rare cornercases. For instance, "ansible -m file -a 'state=directory path=/tmp src=/var/lib'" would create /tmp/lib. This has been disabled and a warning emitted (will change to an error in Ansible-2.10).
- file module - The file module allowed the user to specify src as a parameter when state was not link or hard. This is documented as only applying to state=link or state=hard but in previous Ansible, this could have an effect in rare cornercases. For instance, "ansible -m file -a 'state=directory path=/tmp src=/var/lib'" would create /tmp/lib. This has been disabled and a warning emitted (will change to an error in Ansible-2.10).
- file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. This is now fixed (https://github.com/ansible/ansible/issues/41755)
- fix BotoCoreError exception handling
- fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
- fix async for the aws_s3 module by adding async support to the action plugin (https://github.com/ansible/ansible/pull/40826)
- fix decrypting vault files for the aws_s3 module (https://github.com/ansible/ansible/pull/39634)
- fix errors with S3-compatible APIs if they cannot use ACLs for buckets or objects
- fix permission handling to try to download a file even if the user does not have permission to list all objects in the bucket
- fixed config required handling, specifically for _terms in lookups https://github.com/ansible/ansible/pull/41740
- gce_net - Fix sorting of allowed ports (https://github.com/ansible/ansible/pull/41567)
- group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860)
- import/include - Ensure role handlers have the proper parent, allowing for correct attribute inheritance (https://github.com/ansible/ansible/pull/39426)
- import/include - Ensure role handlers have the proper parent, allowing for correct attribute inheritance (https://github.com/ansible/ansible/pull/39426)
- import_playbook - Pass vars applied to import_playbook into parsing of the playbook as they may be needed to parse the imported plays (https://github.com/ansible/ansible/pull/39521)
- import_playbook - Pass vars applied to import_playbook into parsing of the playbook as they may be needed to parse the imported plays (https://github.com/ansible/ansible/pull/39521)
- include_role/import_role - Don't overwrite included role handlers with play handlers on parse (https://github.com/ansible/ansible/pull/39563)
- include_role/import_role - Don't overwrite included role handlers with play handlers on parse (https://github.com/ansible/ansible/pull/39563)
- include_role/import_role - Use the computed role name for include_role/import_role so to diffentiate between names computed from host vars (https://github.com/ansible/ansible/pull/39516)
- include_role/import_role - Use the computed role name for include_role/import_role so to diffentiate between names computed from host vars (https://github.com/ansible/ansible/pull/39516)
- include_role/import_role - improved performance and recursion depth (https://github.com/ansible/ansible/pull/36470)
- include_role/import_role - improved performance and recursion depth (https://github.com/ansible/ansible/pull/36470)
- lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219)
- password lookup - Do not load password lookup in network filters, allowing the password lookup to be overriden (https://github.com/ansible/ansible/pull/41907)
- pause - ensure ctrl+c interrupt works in all cases (https://github.com/ansible/ansible/issues/35372)
- pause - ensure ctrl+c interrupt works in all cases (https://github.com/ansible/ansible/issues/35372)
- powershell - use the tmpdir set by `remote_tmp` for become/async tasks instead of the generic $env:TEMP - https://github.com/ansible/ansible/pull/40210
- selinux - correct check mode behavior to report same changes as normal mode (https://github.com/ansible/ansible/pull/40721)
- spwd - With python 3.6 spwd.getspnam returns PermissionError instead of KeyError if user does not have privileges (https://github.com/ansible/ansible/issues/39472)
- spwd - With python 3.6 spwd.getspnam returns PermissionError instead of KeyError if user does not have privileges (https://github.com/ansible/ansible/issues/39472)
- synchronize - Ensure the local connection created by synchronize uses _remote_is_local=True, which causes ActionBase to build a local tmpdir (https://github.com/ansible/ansible/pull/40833)
- template - Fix for encoding issues when a template path contains non-ascii characters and using the template path in ansible_managed (https://github.com/ansible/ansible/issues/27262)
- template - Fix for encoding issues when a template path contains non-ascii characters and using the template path in ansible_managed (https://github.com/ansible/ansible/issues/27262)
- template action plugin - fix the encoding of filenames to avoid tracebacks on Python2 when characters that are not present in the user's locale are present. (https://github.com/ansible/ansible/pull/39424)
- template action plugin - fix the encoding of filenames to avoid tracebacks on Python2 when characters that are not present in the user's locale are present. (https://github.com/ansible/ansible/pull/39424)
- user - only change the expiration time when necessary (https://github.com/ansible/ansible/issues/13235)
- user - only change the expiration time when necessary (https://github.com/ansible/ansible/issues/13235)
- uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520
- win_environment - Fix for issue where the environment value was deleted when a null value or empty string was set - https://github.com/ansible/ansible/issues/40450
- win_environment - Fix for issue where the environment value was deleted when a null value or empty string was set - https://github.com/ansible/ansible/issues/40450
- win_file - fix issue where special chars like [ and ] were not being handled correctly https://github.com/ansible/ansible/pull/37901
- win_file - fix issue where special chars like [ and ] were not being handled correctly https://github.com/ansible/ansible/pull/37901
- win_get_url - fixed a few bugs around authentication and force no when using an FTP URL
- win_get_url - fixed a few bugs around authentication and force no when using an FTP URL
- win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874
- win_template - fix when specifying the dest option as a directory with and without the trailing slash https://github.com/ansible/ansible/issues/39886
- win_template - fix when specifying the dest option as a directory with and without the trailing slash https://github.com/ansible/ansible/issues/39886
- win_updates - Added the ability to run on a scheduled task for older hosts so async starts working again - https://github.com/ansible/ansible/issues/38364
- win_updates - Fix logic when using a whitelist for multiple updates
- win_updates - Fix logic when using a whitelist for multiple updates
- win_updates - Fix typo that hid the download error when a download failed
- win_updates - Fix typo that hid the download error when a download failed
- win_updates - Fixed issue where running win_updates on async fails without any error
- windows become - Show better error messages when the become process fails
- windows become - Show better error messages when the become process fails
- winrm - Add better error handling when the kinit process fails
- winrm - allow `ansible_user` or `ansible_winrm_user` to override `ansible_ssh_user` when both are defined in an inventory - https://github.com/ansible/ansible/issues/39844
- winrm - allow `ansible_user` or `ansible_winrm_user` to override `ansible_ssh_user` when both are defined in an inventory - https://github.com/ansible/ansible/issues/39844
- winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865
- winrm connection plugin - Fix exception messages sometimes raising a traceback when the winrm connection plugin encounters an unrecoverable error. https://github.com/ansible/ansible/pull/39333
- winrm connection plugin - Fix exception messages sometimes raising a traceback when the winrm connection plugin encounters an unrecoverable error. https://github.com/ansible/ansible/pull/39333
- xenserver_facts - ensure module works with newer versions of XenServer (https://github.com/ansible/ansible/pull/35821)
New Plugins
New Plugins
-----------
-----------
@ -388,6 +141,7 @@ Inventory
~~~~~~~~~
~~~~~~~~~
- foreman - foreman inventory source
- foreman - foreman inventory source
- gcp_compute - Google Cloud Compute Engine inventory source
- generator - Uses Jinja2 to construct hosts and groups from patterns
- generator - Uses Jinja2 to construct hosts and groups from patterns
- nmap - Uses nmap to find hosts to target
- nmap - Uses nmap to find hosts to target
@ -407,11 +161,19 @@ amazon
^^^^^^
^^^^^^
- aws_caller_facts - Get facts about the user and account being used to make AWS calls.
- aws_caller_facts - Get facts about the user and account being used to make AWS calls.