Commit Graph

469 Commits (53b95b865f7aabfa36ebac5514d604028346d001)

Author SHA1 Message Date
Brian Coca 06ecdaa7b1
comment heavy playbook (#68981)
* create examples/play.yml


Co-authored-by: flowerysong <junk+github@flowerysong.com>
5 years ago
Jakub Paweł Głazik 04b22a6b35
Change example ControlPath to be short and unique (#69347)
Use %C as the ControlPath setting in the example config file. The old setting used %h and %r tokens, which break ansible for a few use cases, including packer provisioning, where hostname is always 127.0.0.1. %C is a hash of local host, remote host, username and port.
5 years ago
Rowayda Khayri d039eb9317
add punctuation marks to comments (#68882) 5 years ago
Hideki Saito a67d5dbcb7
Add example setting for collections_paths parameter to examples/ansible.cfg (#69018)
Signed-off-by: Hideki Saito <saito@fgrep.org>
5 years ago
Matt Clay 601065cb7a
Remove old example playbooks dir. (#68409)
The content was relocated nearly 7 years ago.
5 years ago
Anatoly Kamchatnov ebdb581e63 Fix typos in `ansible.cfg` comments
PR #65177
5 years ago
Sam Doran 1588ad77e2 Update ansible.cfg (#64855)
- clean out old options that are now deprecated
- clean up formatting of comments a bit
- add become plugin examples
5 years ago
James Cassell 8bca160363 add vfat to selinux special_context_filesystems (#59823)
vfat is the format of the /boot/efi partition on UEFI hosts and does
not support SELinux labels

add an environment variable for this config option
5 years ago
Shachaf92 7ddcaafee5 many pslint fixes (#55862)
* Handles:

PSAvoidTrailingWhitespace
PSAvoidGlobalVars
PSAvoidAssignmentToAutomaticVariable
PSAvoidUsingCmdletAliases
PSAvoidUsingWriteHost
PSUseDeclaredVarsMoreThanAssignments
PSUsePSCredentialType
PSAvoidUsingPositionalParameters
PSAvoidUsingEmptyCatchBlock
PSAvoidUsingWMICmdlet

Replaced Write-Host with Write-Output
Added smart reboot check for win_domain feature installation
Modify the Creation of the pagefileto fit to CIM
Changelog fragment addition
Ignore.txt without fixes

* Changes after community reviews

* Change Out-Null to '> $null'

* Fixes after jborean93 comments

* Test

* Revert "Test"

This reverts commit 35c5c0648fa9d2868a18094d84954e53ffa28880.

* Removed all  > $null since they broke the module since the output got dumped

* run test again

* Revert "run test again"

This reverts commit 80eaf07143f9d8cb0116cbbc68a6a69c0ace840c.

* Changes after community review

* ignore PSUseDeclaredVarsMoreThanAssignments that are on a diffrent PR

* CI failed on extra line in ignore.txt

* Review changes

* PSlint errors

* Trail space

* send to null breaks the tests for  Set-Workgroup

* Lint stuff

* win_domain_user issue of indent.

* Update win_domain_user.ps1

* Update win_domain_membership.ps1

* Fix redirect to null

* lint space issue

* removed return from set-workgroup

* removed send to null
5 years ago
Brian Coca 751134ff17 Clearer examples of hosts.yml inventory (#57999)
* Clearer examples of hosts.yml inventory
6 years ago
Chuck Douglas 0e9a79a589 Change the retry_files_enabled to False and modify the comments to reflect that this has been disabled (#52581)
* Change the retry_files_enabled to False and modify the comments to reflect that
this has been disabled.

* Change the default action of retry_files_enabled to False

* Update porting guide to reflect change in default state of retry_files_enabled variable

* Change log documenting a change in default behaviour of retry_files_enabled

* Revert config change to comment out the retry_files_enabled line to let the user decided what is best.
Comment above still states how to change.
6 years ago
Abhijeet Kasurde 1da5e21289 examples: fix Ansible API example (#51863)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Matt Martz 445ff39f94
Become plugins (#50991)
* [WIP] become plugins

Move from hardcoded method to plugins for ease of use, expansion and overrides
  - load into connection as it is going to be the main consumer
  - play_context will also use to keep backwards compat API
  - ensure shell is used to construct commands when needed
  - migrate settings remove from base config in favor of plugin specific configs
  - cleanup ansible-doc
  - add become plugin docs
  - remove deprecated sudo/su code and keywords
  - adjust become options for cli
  - set plugin options from context
  - ensure config defs are avaialbe before instance
  - refactored getting the shell plugin, fixed tests
     - changed into regex as they were string matching, which does not work with random string generation
     - explicitly set flags for play context tests
 - moved plugin loading up front
 - now loads for basedir also
 - allow pyc/o for non m modules
 - fixes to tests and some plugins
 - migrate to play objects fro play_context
 - simiplify gathering
 -  added utf8 headers
 - moved option setting
 - add fail msg to dzdo
 - use tuple for multiple options on fail/missing
 - fix relative plugin paths
 - shift from play context to play
 - all tasks already inherit this from play directly
 - remove obsolete 'set play'
 - correct environment handling
 - add wrap_exe option to pfexec
 - fix runas to noop
 - fixed setting play context
 - added password configs
 - removed required false
 - remove from doc building till they are ready

future development:
  - deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems

* cleanup

  remove callers to removed func
  removed --sudo cli doc refs
  remove runas become_exe
  ensure keyerorr on plugin
  also fix backwards compat, missing method is attributeerror, not ansible error
  get remote_user consistently
  ignore missing system_tmpdirs on plugin load
  correct config precedence
  add deprecation
  fix networking imports
  backwards compat for plugins using BECOME_METHODS

* Port become_plugins to context.CLIARGS

This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
  instead

* Refactor make_become_commands as asked for by alikins

* Typo in comment fix

* Stop loading values from the cli in more than one place

Both play and play_context were saving default values from the cli
arguments directly.  This changes things so that the default values are
loaded into the play and then play_context takes them from there.

* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH

As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH.  If we're going to rename these, that
should be done all at one time rather than piecemeal.

* One to throw away

This is a set of hacks to get setting FieldAttribute defaults to command
line args to work.  It's not fully done yet.

After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.

What we want to be able to do ideally is something like this:

class Base(FieldAttributeBase):
    _check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])

class Play(Base):
    # lambda so that we have a chance to parse the command line args
    # before we get here.  In the future we might be able to restructure
    # this so that the cli parsing code runs before these classes are
    # defined.

class Task(Base):
    pass

And still have a playbook like this function:

---
- hosts:
  tasks:
  - command: whoami
    check_mode: True

(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).

There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now.  The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)

* Revert "One to throw away"

This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.

* Set FieldAttr defaults directly from CLIARGS

* Remove dead code

* Move timeout directly to PlayContext, it's never needed on Play

* just for backwards compat, add a static version of BECOME_METHODS to constants

* Make the become attr on the connection public, since it's used outside of the connection

* Logic fix

* Nuke connection testing if it supports specific become methods

* Remove unused vars

* Address rebase issues

* Fix path encoding issue

* Remove unused import

* Various cleanups

* Restore network_cli check in _low_level_execute_command

* type improvements for cliargs_deferred_get and swap shallowcopy to default to False

* minor cleanups

* Allow the su plugin to work, since it doesn't define a prompt the same way

* Fix up ksu become plugin

* Only set prompt if build_become_command was called

* Add helper to assist connection plugins in knowing they need to wait for a prompt

* Fix tests and code expectations

* Doc updates

* Various additional minor cleanups

* Make doas functional

* Don't change connection signature, load become plugin from TaskExecutor

* Remove unused imports

* Add comment about setting the become plugin on the playcontext

* Fix up tests for recent changes

* Support 'Password:' natively for the doas plugin

* Make default prompts raw

* wording cleanups. ci_complete

* Remove unrelated changes

* Address spelling mistake

* Restore removed test, and udpate to use new functionality

* Add changelog fragment

* Don't hard fail in set_attributes_from_cli on missing CLI keys

* Remove unrelated change to loader

* Remove internal deprecated FieldAttributes now

* Emit deprecation warnings now
6 years ago
Ganesh Nalawade 1b6228fa10
Increase persistent command_timeout default value (#51056)
* Increase persistent command_timeout default value

*  Increase command_timeout default value from 10 to 30 sec
   to reduce frequent timeout issue for network connection
   types (netconf/network_cli/httpapi/napalm)

* Fix review comments
6 years ago
jctanner ce58ebf71d Fix usetty keyword in example ansible.cfg (#51084) 6 years ago
Pierre-Louis Bonicoli 7e278b23b4 inventory plugin order: update doc
add doc for #44428:
- add changelog fragment
- update porting guide
also:
- update auto inventory plugin doc
- mention toml plugin in examples
6 years ago
Pilou 1bad617f29 Inventory plugins move auto before ini (#44428)
* inventory plugins: try auto before ini

auto plugin should run before ini to avoid ini being able to parse
some plugin configuration YAML files successfully.

* Update comment

comment was added by 2ffe3c42bb but
related code was later removed by
506e6a0b2d.
6 years ago
Monty Taylor 2e8f166b8a Add comment about group merge in yaml inventory example (#24986)
* Add comment about group merge in yaml inventory example, w/bcoca feedback
6 years ago
Abhijeet Kasurde 834d9330e9 Misc Typo (#48918)
Changed hostames to hostnames

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Sloane Hertel 43d12c11be Add 'auto' to documented default enabled inventory plugins (#46621)
* Correct default inventory plugins enabled in docs and example/ansible.cfg

* Fix headers
6 years ago
Jordan Borean 24b4633481
explicitly set LocalAccountTokenFilterPolicy on WinRM configure script (#45947) 6 years ago
skylerbunny a892a6ef03 Add undocumented configuration parameter and explain in porting guide (#36059)
* Add undocumented configuration parameter and explain in porting guide
6 years ago
Joren Vrancken b954917761 Surround top-level function and class definitions with two blank lines. 6 years ago
John R Barker e9dbebfa57
Fix some broken links (#42079)
* Fix some broken links

* We now only serve via https
* redirects don't work with anchors, so update those links (devel/dev_guide)
6 years ago
李宏杰 e9b658baae update ansible.cfg example (#41832) 7 years ago
Brian Coca 3b8b928e29 draft schema for inventory scripts (#39454)
* draft schema for inventory scripts

used by the script inventory plugin

* fixes and details for vars

* proper escape

* restrict additional
7 years ago
Matt Ralph c47c16782f Add ssh_connection retries to ansible.cfg example (#38393)
I add the `retries` option under [ssh_connection] as it was missing, and
some brief comments on the backoff logic.
7 years ago
Matt Clay c262dbfd30 Use https for links to ansible.com domains. 7 years ago
David Norman 7963279fc2 Generate SHA256 signed certificates for WinRM (#36668)
* Generate SHA256 signed certificates

Vulnerability scanners are increasingly reporting SHA-1 signed certificates as a vulnerability on servers. Before this change, -ForceNewSSLCert generates a signature algorithm that openssl shows as sha1WthRSAEncryption for WinRM port 5986. After, this forces certificates to be signed with SHA256, which openssl shows sha256WithRSAEncryption.

Some example SHA-1 deprecations include:
- https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2017/4010323
- https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Also note that RDP 3389 on Windows 2016 also defaults to a SHA256 certificate.

The specifics were merged from a script mod I found at https://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-7a0321b7 intended for Exchange. It also includes a mod to add an alternate DNS listing so the cert contains CN=HOSTNAME plus now also an alternative of the FQDN.

I tested this change on Windows 2008R2, 2012R2, and 2016 Datacenter.

* Keep WinRM cert key length at 4096.

* Remove WinRM cert exportpolicy setting.
7 years ago
Toshio Kuratomi 340a7be7c3 Implement plugin filtering 7 years ago
John Bond d72587084b Update example uptime script to provide correct type for explicit individual hosts (#34740) 7 years ago
Matt Clay 797664d9cb Python 2.6 `str.format()` compatibility fixes. 7 years ago
Erwan Quélin e3b49a7aeb Added possibility to disable basic auth (#33224) 7 years ago
Matt Davis 853fa8223a avoid use of Write-Host in config script 7 years ago
Matt Davis 898eead48f
add GlobalHttpFirewallAccess arg (#34124) 7 years ago
jctanner 218987eac1
ANSIBLE_SSH_USETTY configuration option (#33148)
* Allow the user to circumvent adding -tt on ssh commands to help aid in
debugging ssh related problems.
* Move config to the plugin
* Set version_added
* Change yaml section to "connection"
* Fix ssh unit tests
7 years ago
Jason Travis be4a0f1f3d Set example ansible.cfg *includes_static options to default value 7 years ago
Dag Wieers 1140d6ecd7
Explain -EnableCredSSP in header
The new Windows documentation references the top of this file for a list and explanation of options, however `-EnableCredSSP` was missing from this list.
7 years ago
James Mighion 9d4e0a8acb Fixes default format of network_group_modules to ini list. Removing trailing whitespaces from comments for style consistency. Fixes #26154 (#32460) 7 years ago
Sudheer Satyanarayana 7197186366 minor text fixes 7 years ago
Brian Coca d2c7539ae8 removed example for restricted facts namespace
(cherry picked from commit e1fab37316)

fixes #31330
7 years ago
Matt Martz 2b08e00a54 Update uptime.py example script with changes to the API. Fixes #31229 7 years ago
Brian Coca d3e85bd045 dont override previous ini entries with defaults
corrected setting example, quotes mess up the regex
fixes #30633
7 years ago
Brian Coca 142869d266 fixed typo 7 years ago
Brian Coca de6ba4daff add toggle to controle inventory parse as error (#28729)
* add toggle to controle inventory parse as error

also rearranged new inventory options into it's own ini section

* updated with inventory features

also minor fixes/consolidation on deprecated/removed modules

* tweaked settings
7 years ago
Brian Coca a897193bce Moar constructive (#28254)
* made composite vars and groups generic

now you can do both in every plugin that chooses to suport it
renamed constructed_groups as it now also constructs vars ... to constructed
moved most of constructed_groups logic into base class to easily share

* documented inventory_hostname

* typo fix
7 years ago
Simon Liddicott 3ceeb5124e Set startup type to automatic before attempting to start the service. Otherwise it will fail if the service is disabled. (#27751) 7 years ago
Ganesh Nalawade 70ce394840 Persistent connection timer changes (#27272)
*  Add command_timeout timer that defines the amount
   of time to wait for a command or RPC call before
   timing out.
*  Remove connect_retries and connect_interval configuration
   varaible and replace it with connect_retry_timeout to control
   the timeout value of connection to local scoket.
*  Make required changes to netowrk action plugins and relevant
   network files in module_utils.
*  Required documentation changes.
7 years ago
Toshio Kuratomi 87a192fe66 Fix one name in module error due to rewritten VariableManager 7 years ago
Brian Coca 32fa4db232 add any_errors_fatal global config 7 years ago