This patch adds some checks on the path that is accessed as a container,
making sure it looks like one. It implements the connection method and
add adaptations to the modern way of writing connections for Ansible.
It also rewords docs and vars to use the nspawn terminology instead of
chroot.
This commit adds a connection driver built on top of systemd-nspawn.
This is similar to the existing `chroot` driver, except that nspawn
offers a variety of additional services. For example, it takes care of
automatically mounting `/proc` and `/sys` inside the chroot environment,
which will make a variety of tools work correctly that would otherwise
fail.
You can take advantage of other system-nspawn features to perform more
complicated tasks. For example, on my x86_64 system I have a Raspberry
Pi disk image mounted on `/rpi`. I can't use `chroot` with this because
the binaries contained in the image are for the wrong architecture.
However, I can use the systemd-nspawn `--bind` option to automatically
insert the appropriate qemu-arm binary into the container using an
inventory file like this:
pi ansible_host=/rpi ansible_nspawn_extra_args='--bind /usr/bin/qemu-arm --bind /lib64'
See http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
for more information about systemd-nspawn itself.
* Add a vault 'encrypt_string' command.
The command will encrypt the string on the command
line and print out the yaml block that can be included
in a playbook.
To be prompted for a string to encrypt:
ansible-vault encrypt_string --prompt
To specify a string on the command line:
ansible-vault encrypt_string "some string to encrypt"
To read a string from stdin to encrypt:
echo "the plaintext to encrypt" | ansible-vault encrypt_string
If a --name or --stdin-name is provided, the output will include that name in yaml key value format:
$ ansible-vault encrypt_string "42" --name "the_answer"
the_answer: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
<vault cipher text here>
plaintext provided via prompt, cli, and/or stdin can be mixed:
$ ansible-vault encrypt_string "42" --name "the_answer" --prompt
Vault password:
Variable name (enter for no name): some_variable
String to encrypt: microfiber
# The encrypted version of variable ("some_variable", the string #1 from the interactive prompt).
some_variable: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
< vault cipher text here>
# The encrypted version of variable ("the_answer", the string #2 from the command line args).
the_answer: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
< vault cipher text here>
Encryption successful
* add stdin and prompting to vault 'encrypt_string'
* add a --name to encrypt_string to optional specify a var name
* prompt for a var name to use with --prompt
* add a --stdin-name for the var name for value read from stdin
* removes unneeded supports_multiplexing var
* refactors terminal_prompts_re to terminal_stdout_re
* refactors terminal_errors_re to terminal_stderr_re
* updates network_cli unit test cases
The network_cli plugin would return immediately if an error was
detected. This patch will force the connection plugin to still try to
detect the current prompt even if an error is found.
Moving it to after the blocks where per-item results are calculated,
as it's not used there and causes quite a performance hit being there.
Fixes#21340
* refactors supports_sessions to a property
* exposes supports_sessions as a toplevel function
* adds open_shell() to network_cli
* implements open_shell() in eos action plugin
* Add NetApp SolidFire volume module
* Make requested changes
* Make requested changes
* Set supports_check_mode to True
* Make requested changes
* Change new_account_id to account_id, 512emulation
* Make requested changes
* Add alias for enable512e
* Move byte_map to utils and add exit message
* Update description for ‘attributes’
* refactor postgres,
* adds a basic unit test module
* first step towards a common utils module
* set postgresql_db doc argument defaults to what the code actually uses
* unit tests that actually test a missing/found psycopg2, no dependency needed
* add doc fragments, use common args, ansible2ify the imports
* update dict
* add AnsibleModule import
* mv AnsibleModule import to correct file
* restore some database utils we need
* rm some more duplicated pg doc fragments
* change ssl_mode from disable to prefer, add update docs
* use LibraryError pattern for import verification
per comments on #21435. basically LibraryError and touching up its usage in pg_db and the tests.
fix failing fail_json call in postgresql_schema
- Bugfix Pull Request
modules/database/postgresql/postgresql_schema
```
2.3.0
```
Here's an example of the error that was coming out. Massaged some linebreaks and backslashes to make it more readable:
"module_stderr": "Traceback (most recent call last):
File "/tmp/ansible_3X05GE/ansible_module_postgresql_schema.py", line 274, in <module>
main()
File "/tmp/ansible_3X05GE/ansible_module_postgresql_schema.py", line 265, in main
module.fail_json(msg="Database query failed: %s" %(text, str(e)))
NameError: global name 'text' is not defined
",
Now it triggers with the correct exception and shows the traceback. This duplication of str(e) and traceback seems to be the best design pattern.
Sample of the new output:
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_gp4v1Q/ansible_module_postgresql_schema.py", line 254, in main
changed = schema_create(cursor, schema, owner)
...
return super(DictCursor, self).execute(query, vars)
ProgrammingError: permission denied for database schemadb
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
...
},
"msg": "Database query failed: permission denied for database schemadb\n"
The python 'future' module provides a 'builtins' package
to emulate the py3 'builtins' modules. If installed, the
unit tests that reference builtins.__import__ fail because
the future 'builtins' is imported and it is missing __import__.
Use ansible.compat.six.moves.builtins instead of importing
'builtins' or __builtin__
Fixes#14996
allows user to force persistent connection to close, needed for when
you want to benefit from changes applied to the current play but persistent connections
prevent them from being realized.
If versioning is not enabled, then `get_bucket_versioning`
can return an empty dict.
If that happens, the code to enable versioning should still
run!
The logic for suspending versioning was also incorrect, so
have updated that too.
Fixes#20491
Peter Sprygada