* Revert back to getting the AWS role name from the URI with a small change (#49113)
- The role name and instance profile name _can_ be different
- Change the delimiter to `:` for keys that are discovered through the JSON parsing (which is not a valid delimiter for AWS IAM role names), this delimiter is still converted to underscore
- Now checks for the existence of that delimiter to remove the cases where the JSON keys are appended to the role name to find the role name
(cherry picked from commit ff9b86f560)
* Changelog update
* VMware: Fix module usages in module_utils
* Skip test for Python 2.6 as SSL context is not available in Python 2.6
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 1b04571ea0)
There are several services e.g. vmware-fdm, which does not have package name and
package description which will raise a error if queried for.
(cherry picked from commit b3b65d16b8)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Complie regular expressions for better performance
* Skip on empty lines
This fixes a bug where the previous repo would be inserted in the result twice since an empty line did not match any of the conditions that would exit the loop iteration.
(cherry picked from commit 1e3b704ff1)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Simplify logic and add FreeBSD & NetBSD
* Remove incorrect flag for lock and unlock on FreeBSD
* Add tests and changelog
Co-authored-by: Chris Gadd <gaddman@email.com>
(cherry picked from commit f75a84e382)
Co-authored-by: Christopher Gadd <gaddman@email.com>
* Do not require TTY for 'apt-key' operations (#48580)
The 'gpg' command supports the '--no-tty' option, which disables any use
of a TTY during its execution. This parameter is sometimes required for
non-interactive operation to avoid any questions for the user.
The 'apt-key adv' command can pass additional parameters to the
underlying 'gpg' command. This patch adds the '--no-tty' option to avoid
issues with APT key imports when Ansible pipelining active, which
disables the use of a dedicated TTY.
(cherry picked from commit c7e2226035)
* Add changelog fragment about 'apt_key' no TTY fix
(cherry picked from commit 7033e1dfc0)
user: fix removing the expiry time when it's 0 (#47115)
* user: fix removing the expiry time when it's 0
* Improve tests and add changelog
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
(cherry picked from commit 41dfc5162f)
* Behave better if auto_remove and output_logs are combined. Warn if output cannot be retrieved because of auto_remove.
* Add tests.
* Added changelog.
(cherry picked from commit 3afdb28209)
* Don't die when get_container is called for container which is terminating during get_container call.
If it terminates between client.containers() and client.inspect_container(),
the module will fail with an error such as
Error inspecting container: 404 Client Error: Not Found ("No such container: xxx")
* Add changelog.
(cherry picked from commit b9706e2ff5)
* cleanup is already tested.
* Add test for paused.
* Add recreate and restart tests.
* timeout is a common docker option
* Implement paused and fix paused test.
* Add changelog.
* Improve paused test.
(cherry picked from commit 65768b996d)
* Add support for POST-as-GET if GET fails with 405.
* Bumping ACME test container version to 1.4. This includes letsencrypt/pebble#162 and letsencrypt/pebble#168.
* Also use POST-as-GET for account data retrival.
This is not yet supported by any ACME server (see letsencrypt/pebble#171),
so we fall back to a regular empty update if a 'malformedRequest' error is
returned.
* Using newest ACME test container image.
Includes letsencrypt/pebble#171 and letsencrypt/pebble#172, which make Pebble behave closer to the current specs.
* Remove workaround for old Pebble version.
* Add changelog entry.
* First try POST-as-GET, then fall back to unauthenticated GET.
(cherry picked from commit 92d9569bc9)
* Fix AWS EC2 inventory plugin caching of groups
* Added changelog fragment for aws_ec2 caching fix
* Store the AWS query results
The underlying inventory object contains inventory from other sources,
so caching it as ours would be wrong.
It seems easiest and safest to just cache the boto query results
instead.
* Remove unused functions
(cherry picked from commit 7ba09adee1)
* Avoid misleading PyVmomi error if requests import fails
Requests is imported by the VMware module_utils as an external
dependency; however, because it is in a try/catch block containing the
imports for PyVmomi, if requests fails to import properly, Ansible will
instead complain about PyVmomi not being installed.
By moving the import outside of the try/catch block, if requests fails
to import, an error like the following will be returned:
ImportError: No module named requests
This should result in less confusion.
* catch requests ImportError
Signed-off-by: Jim Gu <jim@jimgu.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 99ee30768a)
* Only add parameters which are actually used.
* Fail if ipvX_address is used when not supported.
* Added changelog.
(cherry picked from commit 4ffe3b14d4)
* Documentation for docker_container: fix documentation for memory_swappiness. Default value will not equal 0, it will be inherited from the host machine (#47296)
(cherry picked from commit 4c2efa4b67)
* Add changelog.
* user: do not pass ssh_key_passphrase on cmdline
* user: do not pass ssh_key_passphrase on cmdline
CVE-2018-16837
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit a0aa53d1a1)
* Ignore user module use of subprocess.
(cherry picked from commit 8d00afc013)
* Fix python3 problem in user module cve fix
(cherry picked from commit 9088671c4e)
* Fix changelog entry for user module CVE fix
(cherry picked from commit 210a43ebeb)
(cherry picked from commit b618339c32)
* Remove E210
* win_nssm: add failing tests for issue #44079
(cherry picked from commit a5d1241fa1)
* win_nssm: add more failing tests
These tests highlight several issues with this module:
* Service not started when state=started
* Errors with app_parameters (see #25265)
* Exception when passing several dependencies separated by comma as specified in doc
(cherry picked from commit e50234bdb3)
* win_nssm: use Run-Command instead of Invoke-Expression to prevent interpretation issue
Fix#44079
(cherry picked from commit 20a0d90ebe)
* win_nssm: fix service not started when state=started
Nssm status returns a multiline output that doesn't match any of the strict patterns in the switch statement.
(cherry picked from commit 8180a7c39b)
* win_nssm: fix incorrect separator in doc for service dependencies
The dependencies parameter works with space as separator, but not with comma as shown in the documentation
(cherry picked from commit ddd4b4bea6)
* win_nssm: fix error with app_parameters parameter
Fix#25265
(cherry picked from commit aba0d48ba5)
* win_nssm: add idempotence tests
(cherry picked from commit 46a5e4f3bf)
* win_nssm: fix several idempotence issues and misbehaviors
Add missing space between arguments when app_parameters contains several keys.
Use Argv-ToString and Escape-Argument to improve arguments handling (parameters with quotes, backslashes or spaces).
(cherry picked from commit 933a4092bf)
* win_nssm: test parameters with spaces, quotes or backslashes
(cherry picked from commit 51843a7b3c)
* win_nssm: restore comma as separator for service dependencies
Revert commit ddd4b4b
(cherry picked from commit ead882bb9b)
* win_nssm: restore support of string as dict form for app_parameters and remove support of literal YAML dict
(cherry picked from commit 862855252b)
* win_nssm: wrong variable in tests
(cherry picked from commit 9b9c839461)
* win_nssm: add changelog fragment
* modules/systemd: fix logic: disabled means disabled
Fix logic determining whether a service with both systemd and initd files is enabled or disabled.
In situations where systemd thinks service is disabled, but rc.d symlinks mark it as enabled,
this module wrongly assumes the service is enabled.
Fix this logic: disabled means disabled
Only when the output from systemctl is-enabled does NOT include disabled, consider the status of rc.d symlinks.
This essentially replicates the fixes done to the systemd handling in the "service" module in 3c89a21e0cFixes#22303Fixes#44409Fixes#39116
* backport/2.6/46245: add changelog fragment
Brian Coca