This will make stable-2.16 testing more stable as the f38 copr repo is
going away at some point. It suffices to test against the nightly repo
in stable-2.17 and devel.
* Fix task.resolved_action for callbacks when playbooks use action or local_action
* Fix using module_defaults with 'action' and 'local_action' task FA and add a test case
Fixes#81905
(cherry picked from commit f2435375a8)
Improves the Add-Type temporary directory handler to include a retry
mechanism and not fail on an error. Deleting a temporary file used in
compilation is not a critical error and should improve the reliability
of Ansible on Windows hosts.
(cherry picked from commit b8f1add983)
* Add the task info for tombstoned plugins
* Fix deprecation for 'include' by removing it from BUILTIN_TASKS which skip the plugin loader lookup
* changelog
remove obsolete unit test using 'include'
* Update changelogs/fragments/improve-tombstone-error.yml
(cherry picked from commit caa86cc4df)
* dnf: fix installing a package based the file it provides (#82744)
Fixes#82461
(cherry picked from commit a28709f92d)
* dnf: utilize the API for the installed checks (#82725)
Fixes#71808Fixes#76463Fixes#81018
(cherry picked from commit f1ded0f417)
* setup_rpm_repo/create_repo: "Arch dependent binaries in noarch package" (#83108)
This fixes "Arch dependent binaries in noarch package" error cause by
including files created by make_elf function in noarch packages. While the
error only manifests itself on EL 7 and 8 it is better to use files
suitable for noarch packages to prevent the error potentially
re-occuring in the future.
(cherry picked from commit 87bead3dcf)
* Fix installing roles containing symlinks
Fix sanitizing tarfile symlinks relative to the link directory instead of the archive
For example:
role
├── handlers
│ └── utils.yml -> ../tasks/utils/suite.yml
The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role
role/handlers/../tasks/utils/suite.yml
the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml
* Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent.
* Build test case from role files to make it easier to add test cases
Fixes#82702Fixes#81965Fixes#82051
(cherry picked from commit e84240db84)
* Allow check mode async task disabling check_mode
Allows running an async task with check_mode: False when the playbook is
being run in check mode.
* Add check_mode attribute to internal cleanup task
(cherry picked from commit c9086061ca)
When using winrm over HTTP with message encryption enabled and a task
has timed out the connection plugin will fail to cleanup the WinRM
command. This will change that exception into a warning as a timeout is
already an exception event and a failure to clean the operation should
not override the timeout error shown.
(cherry picked from commit 8aecd1f9b2)
allow_duplicates is not part of the role uniqueness, so the value on the cached role may not match the current role.
* remove the allow_duplicates check from Role.has_run() which operates on the deduplicated role
* check the current role's allow_duplicates value in the strategy
(cherry picked from commit b3d8cdde5d)
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Add explicit error when the calculated dest path for fetch becomes a
local directory. The existing behaviour will not be checked unlike when
the path did not end with a trailing slash.
(cherry picked from commit 179bc1dabd)
The timing of the async tasks was a little unpredictable, meaning that
sometimes we would get an unexpected number of v2_runner_on_async_poll
callbacks, and fail the test. This change fixes the issue by increasing
the poll interval to 2 seconds and the sleep duration to 3 seconds, such
that on a reasonably responsive system we will poll twice per task, with
the sleep ending in the middle of the two polls.
The include_me.yml file does not exist in this integration test. It has
been added.
The remote_tmp_dir.path expression is invalid - the setup_remote_tmp_dir
role uses set_fact to set remote_tmp_dir to remote_tmp_dir.path.
The integration tests run with ANSIBLE_HOST_PATTERN_MISMATCH=error,
meaning that the final play was never reached. Set
ANSIBLE_HOST_PATTERN_MISMATCH=warning to continue past the play and
trigger the v2_playbook_on_no_hosts_matched callback.
(cherry picked from commit 4a2de764ec)
* Changes as suggested by sivel
* Add changelog fragment and tests
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit 48bed1e15a)
Co-authored-by: tachyontec <92679798+tachyontec@users.noreply.github.com>
Jinja may generate an invalid Python source code from a template. Trying
to compile such source code into a Python code object results in
SyntaxError being thrown. An example of such a template is providing the
same keyword argument into a lookup twice, resulting in:
`SyntaxError: keyword argument repeated`.
Since `jinja2.exceptions.TemplateSyntaxError` does not cover such a
case, as it is not a Jinja parsing error, we need to catch SyntaxError
explicitly ourselves.
Fixes#82606
(cherry picked from commit 6d34eb88d9)
* Fix loading legacy vars plugins when the plugin loader cache is reset
* Remove extra cache layer by ensuring vars plugin names are cached (stateless or not) so that the plugin loader cache can double as the load order
(cherry picked from commit 13e6d8487a)
* lookups, make file searching use better is_role
The dwim function will internally try by detecting tasks/main['','.yml','.yaml]
but this is far from optimial, the existince of role path in vars is much better
indicator that we can use to pass a hint
* updated test to avoid main.yml
(cherry picked from commit a9919dd7f6)
* Role fixes (#82339)
* Various fixes to roles
- static property is now properly set
- role_names and other magic vars now have full list
- role public/private var loading is now done when adding to play.roles instead of on each var query
- added tests
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 55065c0042)
* import_role does not get public until next version
Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts
Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory
(cherry picked from commit 3a42a00368)
* Allow older pickle protocols to pickle unsafe classes. Fixes#82356
* Address issues when iterating or getting single index from AnsibleUnsafeBytes. Fixes#82375
* clog frag
* [backport][stable-2.16] 🧪 Replace GitHub SVN integration test with local TLS
PR #82334
* Run svn integration test locally with TLS
This patch uses a `trustme` to make an ephemeral CA, and server, and
client TLS artifacts for testing. These are integrated into the Apache
web server via it's `mod_ssl`.
Resolves#82207
* Replace GitHub SVN HTTPS URL w/ localhost over TLS
This change gets rid of the need to use GitHub, which is just about to
drop support for SVN [[1]]. Moreover, it eliminates the need to use
external network for any SVN commands in the test.
[1]: https://github.blog/2023-01-20-sunsetting-subversion-support/
(cherry picked from commit dd0138ba21)
* Implement compat w/ opensuse15, centos7 & rhel7/8
* Ensure that unsafe is more difficult to lose
* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue
* ci_complete
Matt Clay