* Fixed crash with hidden files
added "-force" parameter on "Get-Item" cmdlet. this is needed to get file info if the file is "hidden"
without this option modules like win_file, win_template, win_copy crashes on hidden files. this is because with "test-path" it sees that the file exists, but "get-item" can't get the file info.
for more information on "-force option": https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-item
* Add changelog and integration tests
* fix tests for older Windows versions
(cherry picked from commit 3bc474bf99)
* win_domain: fix issue when running without credential delegation
* Add check for reboot is required to complete role e install
* Fix changelog sanity issue
* removed meta file accidentally committed
(cherry picked from commit 008db85d44)
* Improve subject field validation.
* Add country name idempotency test.
* Add failed country name test.
* Add changelog.
(cherry picked from commit b2e992cecd)
* docker_swarm_service: rename return variable to swarm_service (#53229)
* Rename return variable to swarm_service.
* Add changelog.
* Add that old name will stay in Ansible 2.7.x.
(cherry picked from commit 61abbfc269)
* Keep old variable for backwards compatibility.
* Decreasing docker_swarm requirements.
* Fixing docker-py / docker API version requirements, and some comments.
* Add changelog.
* Only send parameters specified by user to docker daemon.
* Extend labels test: not specifying == keep labels.
* Bump minimally required docker-py version for docker_node and docker_node_facts to 2.4.0.
* Prevent crashing when publish or healthcheck is not provided.
* Similarly to docker_swarm tests, only execute docker_node tests on real VMs and restart docker daemon when tests are done.
(cherry picked from commit 8e26c2dfbe)
* Type error in openssl_certificate (#47508)
* Fixed#47505: Type error in openssl_certificate
* Use to_bytes instead of str.encode in SelfSignedCertificate. Updates #47508
* Use to_bytes instead of str.encode in OwnCACertificate
* Added integration tests for openssl_certificate: selfsigned_not_before/after and ownca_not_before/after
(cherry picked from commit 5b1c68579d)
* openssl_certificate, fixed has_expired to check the cert expiration date (#53168)
(cherry picked from commit d5d92e4a70)
* Use fixed timestamp in past instead of relative time (relative times are a feature of devel).
* Add changelog for #47508.
* Fixed lvol ValueError with float size.
(cherry picked from commit 85bd54dfa7)
* Fixed lvol ValueError with float size.
(cherry picked from commit ecdd835b6c)
* Initialized locale using system default.
Changed size validation from float() to locale.atof().
(cherry picked from commit d187b95929)
* Added changelog fragment.
(cherry picked from commit d1f6b1220c)
* Used C locale instead of relying on system locale.
(cherry picked from commit 90b3d96869)
* Revert "use list instead of tuple and remove md5 on ValueError (#51357)" c459f040da.
* Modify the correct variable when determining available hashing algorithms.
(cherry picked from commit 23a6b88dd2)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add support for macro contexts that have colons (#51853)
Currently when used with macro contexts that have a colon inside,
macro_name gets truncated. A common case is contexts that represent a
Windows drive. Examples:
- 'C_DRIVE_THRESHOLD: "C:"'
- 'C_DRIVE_THRESHOLD: "D:"'
This happens because line 189 assumes there are only one colon in
macro_name, and thus two substrings to join.
To solve this, it is necessary considering that macro_name could have
more that one colon. After the split, the first element is the proper
Zabbix macro name. Then, the solution is joining all the remaining
substrings after that.
This is backwards compatible in the case macro_name have only one colon.
(cherry picked from commit d1d4f4bd27)
* Add support for macro contexts that have colons
Currently when used with macro contexts that have a colon inside,
macro_name gets truncated. A common case is contexts that represent a
Windows drive. Examples:
- 'C_DRIVE_THRESHOLD: "C:"'
- 'C_DRIVE_THRESHOLD: "D:"'
This happens because line 189 assumes there are only one colon in
macro_name, and thus two substrings to join.
To solve this, it is necessary considering that macro_name could have
more that one colon. After the split, the first element is the proper
Zabbix macro name. Then, the solution is joining all the remaining
substrings after that.
This is backwards compatible in the case macro_name have only one colon.
* Improve idempotency checking: only consider parameters which are part of the generated spec.
* Properly handle rotate_worker_token and rotate_manager_token.
(cherry picked from commit 42ae6cdb95)
* Ensure play order is obeyed
it was being ignored depending on other options
also added tests for each order (except shuffle) both serial and not
fixes#49846
(cherry picked from commit cfba6dfe91)
Katello: Added product to the dict choices (#49776)
* Added product to the dict choices.
Following issue 48594 where product is not a recognised choice: https://github.com/ansible/ansible/issues/48594
* fixed doc
added - product to the doc
* split line 549
to correct ci test splitting line 549
* Create 49776-product_fix_katello_foreman_module.yaml
changelog fragment creation
(cherry picked from commit d3fcdae4ad)
When no repos are defined, the `repo` variable is undefined. Therefore
append it only to the result if a repo was found. Otherwise Ansible will
fail with an UnboundLocalError.
(cherry picked from commit 0469134f16)
* Filter DNSimple request by record name.
The request was not filtered and DNSimple returns only the first 100
records so if the number of records is larger the check could fail.
This patch fixes the issue and also makes the check to perform better.
* Add changelog fragment.
(cherry picked from commit e0274adafe)
* Fixing state=present for jenkins_plugin module (#52051)
(cherry picked from commit 5f4840aaa8)
* Adding changelog fragment for PR #52051 (#52687)
(cherry picked from commit ee14b123f3)
* Updating update_url for jenkins_plugin (#52086)
(cherry picked from commit f49469f7bf)
* Adding changelog fragment for PR #52086 (#52689)
(cherry picked from commit 280e8911ce)
* mysql_user: Match quotes, double quotes and backticks when checking current privileges
(cherry picked from commit 1ae0e21383)
* Add changelog fragment for PR #40092
(cherry picked from commit 8974ce3c78)
* mysql_user: fix malformed regex used to check current privileges
* Properly handle unauthenticated yum proxy config (#51915)
Fixes#51548
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit 2721ed260e)
* Fix: Yum module does not use proxy when username is not set #51548 (#51994)
* add test of yum with proxy
* Properly handle unauthenticated yum proxy config
Fixes#51548
* shell executable is bash
(cherry picked from commit c2a409a9e0)
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* Disallow use of remote home directories containing .. in their path
* Add CVE to changelog
(cherry picked from commit b34d141)
Co-authored-by: Matt Martz <matt@sivel.net>
* Update GetBiosBootOrder to use standard spec resources (#51764)
* update GetBiosBootOrder to use standard spec resources
* handle case where BootOrder is present but BootOptions is missing
(cherry picked from commit e0538610bf)
* add changelog fragment and fix merge issue
This is an implementation of 8bffcf8e50
that was done in the PR https://github.com/ansible/ansible/pull/48082 to devel.
The changes have been manually brought across to the the stable-2.7 branch as it
cannot be cleanly cherry picked due to the substantial differences in become
between these versions.
Currently we impersonate the `SYSTEM` token in order to elevate our become
process with the highest privileges it has available but there are some edge
cases where the first `SYSTEM` token we come across doesn't have the
`SeTcbPrivilege` which is required for the above. This PR adds a further check
in the search for a `SYSTEM` token to make sure it has the `SeTcbPrivilege`
before continuing.
Fixes: #51534
* set valid_until equal to current time + spot_wait_timeout
* add setting ValidUntil to value
* add changelog fragment
* fix shebang issue
(cherry picked from commit d40f0313e2)
* [stable-2.7] ios retry config if section filter fails (#49485)
* Attempt to work around devices that don't understand | section
* Fix case of no flags
(cherry picked from commit 6caed0c)
Co-authored-by: Nathaniel Case <this.is@nathanielca.se>
* Add changelog
* aws_ec2 Implement the missing 'region discovery' (#51333)
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* Allow default regions list to use flexible credential types
* remove default from delegate_facts to inherit (#45492)
* remove default from delegate_facts to inherit
fixes#45456
* test delegate_facts
* added note about inheritance and defaults
* yamllint
(cherry picked from commit 8743e6ae2e)
* added changelog
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
(cherry picked from commit 240d1a6afb)
* Always check envvars when auth parameter is not provided
This will make it so that all code using the get_api_client
method will make use of the environment variables, instead of
silently ignoring them if default values haven't been set. This
affects at least the k8s lookup plugin.
* Add changelog
(cherry picked from commit 0be66113d4)
* If network cliconf support `supports_generate_diff` in
that case diff between running and cnadidate config
is generated within Ansible and if check_mode is enabled
in that case return only diff without actually invoking
edit_config()
(cherry picked from commit 8f5cd049d6)
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>.
(cherry picked from commit 9d4c0dc111)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Signed-off-by: Sam Doran <sdoran@redhat.com>
* file - allow touch on files not owned by user
* use Sentinal value and preserved existing args
* Do no instantiate the Sentinel object
(cherry picked from commit 419727a6da)
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
(cherry picked from commit 37960ccc87)
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
(cherry picked from commit eca7c3c8c7)
* [docker_container] Failing on non-string env values (#49843)
* [docker_container] Failing on non-string env values
Fixes#49802
* Clarify failure message
Co-Authored-By: DBendit <David@ibendit.com>
* Fixup from review
(cherry picked from commit d62d7176b0)
* Turn fail into warning for 2.7 backport.
* Fix test for backport
The behaviour in the backport is to warn rather than error
* Describe labels and container_labels correctly
* Clarify reserve_memory and limit_memory docs
* Remove default from container_labels doc
* Remove trailing whitespace
* Document min api version for configs and secrets
* Add changelog fragment
* Specify type on labels and container_labels
* Consolidate required API version descriptions
* Update reserve and limit memory docs
* Use correct power-of-two units
* Remove description about limit_memory minimum 4mb
(cherry picked from commit 644057e9ec)
* fixes issue 50296
* fixes the indentation of the return statement
* Adds a conditional test into `_find_systems_resource()` to check the existence
of the Members of System resource
* updates the error message
* harden the conditional test
* Add a changelog
(cherry picked from commit 94a1d86d70)
* docker_swarm_service: use exact name match when finding services
The Docker API's filtering support allows filtering for substring
matches which means that when we filter the list of running services we
may accidentally match a service called "foobar" when looking for a
service named "foo".
Fix this by filtering the list of services returned from the Docker API
so that name matches are exact. It is still worth passing the filter
parameter to the Docker API because it reduces the number of results
passed back which may be important for remote Docker connections.
Closes 50654.
* add changelog fragment for #50654
(cherry picked from commit fd32760d7a)
* Added documentation around using vmware dynamic inventory plugin
* Fixed bug for populating host_ip in hostvars for given inventory host
* VMware: Add properties in vmware_vm_inventory
Fixes: #50249
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit af914695e6)
* Expand user and variables in ca_certificates paths.
This is a fix specific for stable-2.7. In devel (and stable-2.8),
this problem is fixed by #48473. That PR adds argument spec
validation for list elements.
* Add changelog.
* Add ability for reboot module to work for AIX
* changelog for AIX reboot support.
(cherry picked from commit 1dac10e5c3)
Co-authored-by: trogdor_the_burninator <gforster@users.noreply.github.com>
Signed-off-by: Sam Doran <sdoran@redhat.com>
* resolved conflicst
* adding fragment
* generalize using rest api
* make vmss smaller
* even smaller
* size can't be smaller
* removed some unnecessary things
* removed too much
* additional fix needed
Add auth_timeout parameter when supported
Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.
(cherry picked from commit e7f21dd1af)
Conditionally add auth_timeout to ssh.connect
Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.
(cherry picked from commit 6c41e97eee)
Add changelog fragment
(cherry picked from commit 7679a92db7)
* Ensure that the src file contents is converted to unicode in diff info. Fixes#45717
* Fix up and cleanup
* The diff functionality in the callback plugins should have the
to_text() calls removed since we're now doing it in ActionBase
* catching of UnicodeError and warnings in the callback diff
functionality from 61d01f549f haven't been
needed since we switched to to_text so remove them.
* Add a note to ActionBase's diff function giving an example of when the
diff function will be inaccurate and how to fix it
* Fix callback get_diff() tests
I believe the unittests of callback's get_diff() were wrong. They were
sending in a list where strings were expected. Because previous code
was transforming the lists into strings via their repr, the previous
tests did not fail but they would have formatted the test cases output
in an odd way if we had looked at it.
(cherry picked from commit 95e77ac)
Co-authored-by: Matt Martz <matt@sivel.net>
* set ansible_os_family from name variable in os-release for clearlinux OS (#49639)
* set ansible_os_family from name variable in os-release for clearlinux system
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
* Add os_family for clear linux and clear linux mixes
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
(cherry picked from commit 9202ef60b0)
* Adding Changelog fragment
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
* [stable-2.7] Fix reverse_inventory order to work on python3 (#49895)
(cherry picked from commit a0d71e7)
Co-authored-by: Matt Martz <matt@sivel.net>
* Clarify the change made to reverse_inventory
* Fix firewalld module failing on missing protocol. (#50242)
Under Python 3.7 at least, the split of the port field fails
ungracefully if there is no slash. The fix also addresses the
case of an empty protocol after the slash.
(cherry picked from commit 69deb73803)
* add changelog for #50242 (#50480)
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit b81a74f551)
* fix order of dnf api operations so transactions don't fail
Previously dnf.base.fill_sack() was called before
dnf.base.update_cache() which apparently breaks dnf transaction
logic as per https://bugzilla.redhat.com/show_bug.cgi?id=1658694Fixes#49060
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog and test case
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit ca084889c7)
* Add module for Pure Storage FlashBlade to manage directory services
* Fix facts not correctly passing into ansible_facts dict
(cherry picked from commit 507f89e693)
* Do not filter out exception, warnings, deprecations on failure when using debug. Fixes#47576
* Add changelog fragment
(cherry picked from commit 40e5d2c)
Co-authored-by: Matt Martz <matt@sivel.net>
When the security group the rule belongs to does not exist and
the state is absent, the module is not properly exited, leading
to a playbook execution failure.
Fixes issue #50057
(cherry picked from commit 4951e5a5b7)
verify_file was improperly always returning true if pyvimomi and requests libs were correct
moved library checking to parse, avoid unneded errors unless the file is actually meant for
this plugin
(cherry picked from commit 49993a55e5)
* Fix mandatory statement error for junos modules
Fixes#40267
* Add error regex in junos terminal plugin to error out
in case of commit fails
* If commit fails add logic to discard changes before existing
else next task will result in error
* Add integration test
* Minor update
(cherry picked from commit cc8e90395a)
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
(cherry picked from commit 31c11de2af)
* Implement the change in behaviour mentioned in the previous commit
(cherry picked from commit a4141cfa2e)
* Fix comment to reflect what the code does
(cherry picked from commit 150f5cb232)
* Set the correct return message.
In these cases, the lines are added, not replaced.
(cherry picked from commit 3216c31401)
* Add a changelog
(cherry picked from commit c39cf6b332)
* [2.7] Don't fail if a remote_addr with a '/' hits ansible_connection (#49781)
* Fail if a remote_addr with a '/' hist ansible_connection
This is _probably_ a CIDR block, but anything with a slash will fail,
so no need to try to parse to make sure
* Locks are now per-socket_path.
Locks use the same value as socket_path. Locks are also cleaned up in
shutdown like sockets.
(cherry picked from commit 61a649c)
Co-authored-by: Nathaniel Case <this.is@nathanielca.se>
* Add changelog
* Fix various bugs related in reboot
- Use format strings for consistency and improve debug log messages
- Use local variables instead of class attributes in order to be thread safe
- Run setup module to get distribution and version
- Run find module to get full path of shutdown command
- Use ansible_os_family and ansible_distribution to find commands and args
- Use same command for all Solaris/SunOS distributions
- Move delay calculations to properties
- Reliably check for module run failure
- Fix bug in run_test_command() that accidentally made the method work properly
- Use better exceptions rather than Exception
- Use dict literals rather than constructors
- Correct _check_delay() so it always returns a value, not None
- Don't store and return result in run_test_command() because it's not used anywhere
- add test for post reboot command that fails
- test negative values for delay parameters.
(cherry picked from commit c1589c33c4)
Co-authored-by: Sam Doran <sdoran@redhat.com>