* correct openssl rsa to genrsa in acme doc fragment
* acme_certificate.py - updated route53 example to include wait: yes
(cherry picked from commit c11af3dbef)
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit d15812fabf)
* nxos_igmp_snooping: group-timeout fails when igmp snooping disabled
group-timeout config will be rejected by the device if `ip igmp snooping` is disabled.
* raise a failure for this condition
* reorder the command list so that group-timeout is always last
* SA fixes
* SA fixes
* only call gt_dependency if gt
(cherry picked from commit 8c33ba3ecd)
* `nxos_facts` crashes with certain nxos images; e.g. `7.0(3)I7(3)` as a result of this call:
```
data = self.run('show lldp neighbors', output='json')
```
...which returns `ERROR: No neighbour information` when the device has no neighbors.
* This response causes httpapi's `handle_reponse()` to raise a ConnectionError, which is caught by `utils/jsonrpc.py` which is expecting `code` in the exception data:
```
except ConnectionError as exc:
display.vvv(traceback.format_exc())
error = self.error(code=exc.code, message=to_text(exc))
```
* Found by: `nxos_facts/tests/common/not_hardware.yaml:7`
(cherry picked from commit 874fd70d10)
* network.py:ActionModule:run: does not honor _handle_src_option failures
PR #50301 moved template error handling out of run() and into its
own method in `_handle_src_option`; however, after the change run()
ignores the return value so any errors are ignored.
Reproduceable with `nxos_config/tests/common/src_invalid.yaml`
Verified fix with `nxos_config/tests/common/src_*` tests.
Ref:
71113ee291 (diff-7477bf046013758366cc85b06f90709aR43)
* nxos_config/tests/common/src_basic: Updated to test with src
This test was not actually testing with `src:` as it should have.
* Revert 412d7e change to plugins/action/network.py
PR #52912 fixed this already.
* nxos_config: fix src_invalid test
(cherry picked from commit d69239c440)
* nxos_interfaces_ospf: fix passive-interface states & check_mode
This fix addresses issues #41704 and #45343.
The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean.
The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates). It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\*
This `no` config will be present in `running-config`.
\**See `router ospf` configuration.*
Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax.
Passive-interface config syntax:
```
ip ospf passive-interface # enable (nvgens)
no ip ospf passive-interface # disable (nvgens)
default ip ospf passive-interface # default (removes config, does not nvgen)
```
Code changes:
* `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`.
* Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case.
* Fixed `check_mode`.
Sanity verified on: N9K,N7K,N3K,N6K
* Fix doc header
* Unit tests for passive-interface
* doc fix#2
* Fix indent for SA
* Remove 'default' keyword, restore bool behavior
* remove changes to sanity
(cherry picked from commit 20fb77c49b)
* nxos_linkagg: `group` type mismatch causes idempotency failure
* `group` values need to be cast; e.g.
```
want = {'group': '20'}
have = {'group': 20}
```
* Found with N7K `sanity` test
* nxos_linkagg: change group param type to str
(cherry picked from commit 66fe6bfa0b)
* The test was setting `lsa max` value to 2222 but the default `lsa hold` value is 5000.
* `hold` must be less than `max` or else the device raises a clierror, so I just added a lower non-default `hold` value to satisfy the cli.
(cherry picked from commit c1e9f594d2)
The N7K is another platform that raises an error when trying to remove
an RP w/prefix-list specified. These tests are now skipped for N7K.
(cherry picked from commit c5de2233d0)
* Fixed another problem where `group-timeout` was processed before `ip igmp snooping` was enabled
* `sanity` playbook:
* N6K: `show ip igmp snooping | json` succeeds on the device but doesn't return any data in body; added a skip to the sanity playbook to keep it out of CI
* Added a setup task to do initial cleanup on the device
(cherry picked from commit 07774b4ccf)
Basic passwords are rejected by the nxos device unless `no password strength-check`
is configured. This change just makes the password meet the minimum strength checks.
(cherry picked from commit 591e0ffb69)
Test yaml fixes for n3048:
* 3048 does not support bidir option
* 3048 cannot remove rp-address if prefix-list/route-map is present
* yes: no ip pim rp-address x.x.x.x
* no: no ip pim rp-address x.x.x.x prefix-list foo
* no: no ip pim rp-address x.x.x.x route-map bar
This test now passes on N9k/N7k/N6k/N3k.
(cherry picked from commit ea0ef3b2e1)
* nxos_hsrp: fix 'sh_preempt': <unknown enum:>
Some older nxos images fail to set this attr value. This fix checks for
unknown enum and issues a second (unstructured) call to the device to get
the data.
* add whitespace for pep8
(cherry picked from commit 5dc65d0dfc)
* Fix 'defaults' option in the nxos_config module
Nxos get_config is allways called with the 'all' option.
* Fix flag's calculation
* Add tests
* nxos_config: the 'backup' option take into account the value of 'defaults' option
If 'defaults' option is true, the running-config backup is done with the all
keyword.
(cherry picked from commit 87a01df6ad)
Searching for digits somewhere in the output line will also match VLAN name (lines) starting with digits.
Fixes issue #50998
(cherry picked from commit b1c295386f)
Fixes#53236
* If dispatch() rpc response has data element
return the xml string from `<data>` element
else return the complete xml string from
`<rpc-reply>`.
(cherry picked from commit aac5ef5e13)
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes.
(cherry picked from commit cf69ec5db0)
Co-authored-by: Evan Kaufman <evan.kaufman@gmail.com>
* Catch all request timeouts for winrm connection
The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.
Improves on: #51744
Co-Authored-By: westphahl <westphahl@gmail.com>
* Changelog for winrm error handling improvement
* Fix Foreman returning host parameters
Foreman (1.20) returns the `all_parameters` key as a list of dicts, not a dict of key-value pairs.
* Fix for type error
The empty type here should be a dict, not a list as is has a `get` done
on it next.
(cherry picked from commit e94e80c79e)
* Return dict directly to avoid failing key lookup
(cherry picked from commit 545b98645d)
* Add changelog fragment for #54333
* Add write helper.
* Adjust modules (except openssl_certificate).
* Adding tests for mode (with openssl_privatekey).
* Add openssl_certificate support.
* Never, ever remove the output file before actually trying to generate new content for it.
Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.
* Add changelog.
* Extend test.
(cherry picked from commit d7a273273a)
* grafana_datasource: use the Ansible helpers to get basic auth header
Module was not using the helpers, so an error occured in python3.
Fixes: #49147
* Update grafana_datasource_fix_basic_auth_python3_issue.yaml
Daniel Hagan