Prior to openssh 6.4, ssh-keygen -F returned 0 (and no output) when no
host was found. After then, it instead returned 1 and no output. This
revised code behaves correctly with either behaviour. There is
currently no other code path that results in exit(1) and no output.
- removed functions from main scope
- renamed rebalance function to disambiguate from variable
- updated docs with defaults
- added exception handling to command execution
Occasionally, `lvcreate` will prompt on stdin for confirmation. In
particular, this may happen when the volume is being created close to
the location on disk where another volume existed previously. When this
happens, Ansible will hang indefinitely with no indication of the
problem. To work prevent this problem, the `--yes` command-line argument
can be passed to `lvcreate`, which will instruct it not to prompt.
Signed-off-by: Dustin C. Hatch <dustin@hatch.name>
- Changes are no longer erroneously reported on RHEL (#12)
- Adding new link groups on Debian works again.
- This was broken in a previous commit by assuming the OS was RHEL
if `update-alternatives --query <name>` had a return code of 2
- Prefer `--display` over `--query` for determining available
alternatives
- --display is more distro-agnostic and simplifies the code
- Fix missing `msg=` in `fail_json` call when `link` is missing
- Document that `link` is required on RHEL-based distros
Tested on Ubuntu 12.04+ and CentOS 6/7
These are all the code changes from Brian's review:
* change #! line
* rename "host" to "name" [keep as alias]
* make documentation clearer
* imports 1 per line
* use get_bin_path to find ssh-keygen
* key not actually required when removing host
The known_hosts module lets you add or remove a host from the
known_hosts file. This is useful if you're going to want to use the
git module over ssh, for example. If you have a very large number of
host keys to manage, you will find the template module more useful.
This was pull request 7840 from the old ansible repo, which was
accepted-in-principle but not yet merged. The mailing list thread
reading it is:
https://groups.google.com/forum/#!topic/ansible-devel/_e7H_VT6UJE/discussion
The function normalizes checks for UTF-8, but the same issue exists for
other locales as well. This fix adds normalization for EUC-JP, a Japanese
locale.
The previous version of this code was supporting only locales using the
format "<language>_<territory>.<charset>". But all the locales that
doesn't have this format were not installable (such as "fr_FR" or
"fr_FR@euro").
Also, if an invalid locales was provided, the module kept sending a
"changed" status.
Now :
* if the user provides an invalid locales, the module failed. Locales
are verified using /etc/locale.gen or /usr/share/i18n/SUPPORTED if
Ubuntu
* Every types of valid locales are now supported.
* The locale module was not working on Archlinux, as there's no space
between the "#" and the locale. This is now supported. Credits goes
to danderson189, this is his code.
This module was tested on debian jessie, ubuntu 14 LTS and last
Archlinux.
Currently, either you apply the change in the configuration
of firewalld ( without permanent=True ), or you apply it live.
I most of the time want to do the 2 at the same time, ie open the
port ( so I can use the service ) and make sure it stay open on reboot.
MAN page states the following :
Rules for traffic not destined for the host itself but instead for
traffic that should be routed/forwarded through the firewall should
specify the route keyword before the rule (routing rules differ
significantly from PF syntax and instead take into account netfilter
FORWARD chain conventions). For example:
ufw route allow in on eth1 out on eth2
This commit introduces a new parameter "route=yes/no" to allow just that.
* The policy is shown in `status verbose`, so all the check mode stuff should keep working.
* `--dry-run` works as expected.
* No idea whether it's legal as an argument to `interface`
RedHat-based OSes have a version of update-alternatives which comes from
the chkconfig package and does not support the --query parameter. Work
around that.
standards compliant return codes but return a verbose error message via
stdout. Limit the times when we invoke the heuristic to attempt to work
around this.
Centos 6.x and below use an old RHT style of configuring hostname.
CentOS 7.x and better use systemd. Instead of depending on the
distribution string which seems to have changed over the course of 6.x
we need to explicitly check the version.
Fixes#8997
The "name" parameter seems to be rather important as the identifying feature of a cron job. This is an update to the documentation to further emphasize this.
As far as I can tell, `name` is a required parameter. The guard test at (now) line 458 says you need name if `state == present` and at 464 if `state != present`, although that's not quite as clear. Each of the code paths at 485 - 495 pass the name param through to `add_job`, `update_job` and `remove_job`, and the actual _update_job method earlier seems to require it too. However I don't really know python so I may be wrong, but I can't see the circumstances when `name` is not required.
This avoids a stale situation where name/path contains some impossible path,
but gets configured (faultly) in fstab, and the module only fails after that,
when creating that path.
We wrap get_distribution_version() with a new function,
_get_distribution_version(), that returns `0` when the result is a string or
`None`.
This accounts for the case when get_distribution_version() returns a string,
and we try to compare it to a float. We do this in the hostname module instead
of the module snippets because other modules may want the real string
version.module snippets because other modules may want the real string version.
This fixes a bug introduced by 138b45e3.
The hostname has an additional newline at the end which leads to the
state always being 'changed: true' even if the hostname is unchanged.
Currently facter facts omit facts that a distributed via Puppet. This
commit adds the `--puppet` option.
In cases where puppet is not installed, the command sends a warning to
STDERR *but* completes successfully. So should not cause any issues.
The benefit is, filtering can be done based on facts set by Puppet.
even if the option ```force=yes``` is used in the playbook, it is not reflected in the mkfs command line.
As force option is dependent of the fs type, a "if-then-else" case have been added. Also, some FS types does not have a force option.
If we try to use the user module without being root, it fail on RHEL/Fedora
because usermod --help cannot be run. The root cause is lack of permission
due to EAL4+ certification, as seen in shadow-utils changelo.
So if we cannot run it, assume there is no append. It doesn't matter
much since we will not be able to run usermod at all with or without the
option.
While migrating my playbook to a newer ansible version, I faced
the error message "unknown init system, cannot enable service". It turned
out to be caused by a wrong service name that was not expanded anymore.
So by giving the name of the service that cannot be enabled and a more precise
reason, i think people will be able to diagnose their issue more easily.
When no vg_options are passed to the module, 'vg_options' still exists
in the module.params dict with a value of None, so the default empty string in
the get method is never used. None cannot be "splitted", which backtraced.
It's a separate parameter so updated docs and set it as mutually exclusive param.
Also due to an array construction typo it was not working in any situation (ufw LOGLEVEL was passed to cmd instead of ufw logging LOGLEVEL).
Also fixed doc and parameters parsing typo ("choises" should be "choices")
Services on Debian need to be disabled with 'disable' instead of 'remove'
to avoid them being enabled again when 'update-rc.d $service defaults' is run,
e.g. as part of a postinst script.
There's no need to filter hostnamectl's output with awk because its man
page says:
hostnamectl [OPTIONS...] {COMMAND}
--static, --transient, --pretty
If status is used (or no explicit command is given) and one
of those fields is given, hostnamectl will print out just
this selected hostname.
E.g. hostnamectl --static status => ansible.example.org
* Separate 'state', 'policy' and 'rule' commands
* Support for 'logging' command
* Support for 'direction' and 'interface' attributes
* Reliable change notifications based on 'ufw status verbose' diff
* Update documentation
* Cleanup
* Updated documentation related to IPv6 usage.
BugFixes:
* Solved the default_policy and state mutual exclusive status.
* Fixed changed status for IPv6 addresses.
Added @otnateos patch.
The newest version of OpenSSH supports a new, wonderful key type. authorized_key incorrectly discards pubkeys of this type as busted because it doesn't recognize type signature.
If no group was specified, but a group by the same name as the user
exists, an error was raised in the situation where USERGROUPS_ENAB is
enabled in /etc/login.defs (which is the case for almost every major
linux distro). In this case, the user will be put in group 100 (which
is usually the "users" group on those same distros). This is currently
only done in the base class, as the issue may not exist on other
platforms like AIX or the BSDs.
Fixes#6210
Sometimes, `blkid` will incorrectly return no information about a block
device, even if it exists and has a valid filesystem. This causes the
*filesystem* module to fail if *force=no*. Instructing `blkid` to use
`/dev/null` as a cache file will force it to rescan the block device on
each run, making results more consistent.
Signed-off-by: Dustin C. Hatch <admiralnemo@gmail.com>
This addresses GH-5165 and adds the ability to check if a lvol exists.
The tests for this don't fit nicely into the current integration tests so they are below.
```
---
- name: remove any existing lv=one of vg=main
lvol: lv=one vg=main state=absent
- name: remove any existing lv=two of vg=main
lvol: lv=two vg=main state=absent
- name: check to see if lv=one of vg=main exists
lvol: lv=one vg=main state=present
ignore_errors: true
register: lvol_result0
- name: Assert that we will get a "No size given."
assert:
that:
- "'No size given.' in lvol_result0.msg"
- name: create lv=one of vg=main sized 30g
lvol: lv=one size=30g vg=main state=present
register: lvol_result1
- name: Assert that we made changes."
assert:
that:
- "lvol_result1.changed == True"
- name: check to see if lv=one of vg=main exists
lvol: lv=one vg=main state=present
register: lvol_result2
- name: Assert that we did not make changes."
assert:
that:
- "lvol_result2.changed == False"
- name: remove lv=one of vg=main
lvol: lv=one vg=main state=absent
- name: create lv=two of vg=main sized 30G
lvol: lv=two size=30G vg=main state=present
register: lvol_result3
- name: Assert that we made changes."
assert:
that:
- "lvol_result3.changed == True"
- name: reduce lv=two of vg=main to 15G
lvol: lv=two size=15G vg=main state=present
register: lvol_result4
- name: Assert that we made changes."
assert:
that:
- "lvol_result4.changed == True"
- name: increase lv=two of vg=main to 30G
lvol: lv=two size=30G vg=main state=present
register: lvol_result5
- name: Assert that we made changes."
assert:
that:
- "lvol_result5.changed == True"
- name: create lv=two of vg=main sized 30G when already exists at 30G
lvol: lv=two size=30g vg=main state=present
register: lvol_result6
- name: Assert that we did not make changes."
assert:
that:
- "lvol_result6.changed == False"
- name: remove lv=two of vg=main
lvol: lv=two vg=main state=absent
```
- removed previous 'typification' of input as it needs it is typed by
module as strings and needs to be output as strings, making it
useless.
- now checks for vtype and value against None when question is specified
- simplified set_selections as vtype and value should have a string
value going in.
- added example of querying questions for a package
- added module requirement of question,vtype and value being required
together.
- field names are more consistent with debconf
- values are now 'booleanized' or accepted as list/set objects when
pertinent
- updated docs to reflect all of the above and debconf cli tools
required