* Add write helper.
* Adjust modules (except openssl_certificate).
* Adding tests for mode (with openssl_privatekey).
* Add openssl_certificate support.
* Never, ever remove the output file before actually trying to generate new content for it.
Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.
* Add changelog.
* Extend test.
(cherry picked from commit d7a273273a)
* Add documentation for tags and network access
* Documentation changes from dag and sam
* Change examples to include proper YAML and not dict
* Update lib/ansible/modules/network/meraki/meraki_admin.py
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
(cherry picked from commit bcbcd209f4)
The tests need to be updated to support newer ansible-runner releases.
(cherry picked from commit 777b726e4f)
Co-authored-by: Matt Clay <matt@mystile.com>
This is a backport of #48833 for stable-2.7.
The compose, groups, and keyed_groups functionality of the openstack
inventory plugin was broken:
- the plugin was not passing the correct variables to the
Constructable methods for compose and groups
- the plugin was simply never calling the appropriate method for
implementing keyed_groups
This commit fixes both issues.
(cherry picked from commit 5a9c767662)
This reverts commit 05772233ad.
I mistakenly merged this before it hit devel. The devel change was
modified to change this in a different place. Reverting so that we can
make that fix properly.
* [stable-2.7] Correctly count processors on ARM systems. (#52884)
- Add unit tests for Linux CPU info
- Add cpuinfo output from several systems for unit tests
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 55306906cf)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add changelog
* Revert "allow caller to deal with timeout (#49449)"
This reverts commit 63279823a7.
Flawed on many levels
* Adds poor API to a public function
* Papers over the fact that the public function is doing something bad
by catching exceptions it cannot handle in the first place
* Papers over the real cause of the issue which is a bug in the timeout
decorator
* Doesn't reraise properly
* Catches the wrong exception
Fixes#49824Fixes#49817
* Make the timeout decorator properly raise an exception outside of the function's scope
signal handlers which raise exceptions will never work well because the
exception can be raised anywhere in the called code. This leads to
exception race conditions where the exceptions could end up being
hanlded by unintended pieces of the called code.
The timeout decorator was using just that idiom. It was especially bad
because the decorator syntactically occurs outside of the called code
but because of the signal handler, the exception was being raised inside
of the called code.
This change uses a thread instead of a signal to manage the timeout in
parallel to the execution of the decorated function. Since raising of
the exception happens inside of the decorator, now, instead of inside of
a signal handler, the timeout exception is raised from outside of the
called code as expected which makes reasoning about where exceptions are
to be expected intuitive again.
Fixes#43884
* Add a common case test.
Adding an integration test driven from our unittests. Most of the time
we'll timeout in run_command which is running things in a subprocess.
Create a test for that specific case in case anything funky comes up
between threading and execve.
* Don't use OSError-based TimeoutError as a base class
Unlike most standard exceptions, OSError has a specific parameter list
with specific meanings. Instead follow the example of other stdlib
functions, concurrent.futures and multiprocessing and define a separate
TimeoutException.
* Add comment and docstring to point out that this is not hte Python3 TimeoutError
(cherry picked from commit bd072fe83a)
* win_reboot - Fix rc validation when using psrp and add extra docs (#53711)
* win_reboot - Fix rc validation when using psrp and add extra docs
* Revert boot time command and fix docs
(cherry picked from commit 3d23e47c53)
* win_reboot - fix broken tests after recent commit (#53722)
(cherry picked from commit d9795bad98)
* [stable-2.7] Ensure Clear Linux parsing is actually parsing a Clear Linux host and all others fall back to NA (#53298)
Fixes a bug where parse_distribution_file_ClearLinux() was called on CoreOS (and probably many other distros) and it returned True since it successfully parses the distribution file. Since this file exists on many Linux distributions and they are a very similar format, add an additional check to make sure it is Clear Linux.
Change the order in which distribution files are processed so NA is last. This prevents a match on CoreOS hosts since they also have /etc/os-release and the called matching function for NA is very general and will match CoreOS.
* Add changelog
* Add unit tests
Only add tests for Clear Linux parsing since that was the cause of this issue.
(cherry picked from commit 1d91e03119)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Use different import for 2.7
* Output warnings from docker daemon on container create and update.
* Accept warning for blkio_weight instead of idempotency.
* Value quoting.
* Avoid loop variable conflict.
* Add changelog.
* Make one test case faster.
* Add 'Docker warning: ' prefix.
* Add a generalized warning reporting function.
(cherry picked from commit 3117900b1e)
* [docker_image] fix the changed state for tagging and pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add tests for (force) tagging and force pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add a news fragment for the fixed force tag/push behavior
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
(cherry picked from commit 13ab9a61a8)
* Fixed crash with hidden files
added "-force" parameter on "Get-Item" cmdlet. this is needed to get file info if the file is "hidden"
without this option modules like win_file, win_template, win_copy crashes on hidden files. this is because with "test-path" it sees that the file exists, but "get-item" can't get the file info.
for more information on "-force option": https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-item
* Add changelog and integration tests
* fix tests for older Windows versions
(cherry picked from commit 3bc474bf99)
* Improve subject field validation.
* Add country name idempotency test.
* Add failed country name test.
* Add changelog.
(cherry picked from commit b2e992cecd)
* Decreasing docker_swarm requirements.
* Fixing docker-py / docker API version requirements, and some comments.
* Add changelog.
* Only send parameters specified by user to docker daemon.
* Extend labels test: not specifying == keep labels.
* Bump minimally required docker-py version for docker_node and docker_node_facts to 2.4.0.
* Prevent crashing when publish or healthcheck is not provided.
* Similarly to docker_swarm tests, only execute docker_node tests on real VMs and restart docker daemon when tests are done.
(cherry picked from commit 8e26c2dfbe)
* Type error in openssl_certificate (#47508)
* Fixed#47505: Type error in openssl_certificate
* Use to_bytes instead of str.encode in SelfSignedCertificate. Updates #47508
* Use to_bytes instead of str.encode in OwnCACertificate
* Added integration tests for openssl_certificate: selfsigned_not_before/after and ownca_not_before/after
(cherry picked from commit 5b1c68579d)
* openssl_certificate, fixed has_expired to check the cert expiration date (#53168)
(cherry picked from commit d5d92e4a70)
* Use fixed timestamp in past instead of relative time (relative times are a feature of devel).
* Add changelog for #47508.
* Add more tests.
* Added tests for CA options.
* Don't run in docker-in-docker situations where docker daemon becoming instable is really dangerous. Also, restart docker daemon after tests.
* Only run CA tests when openssl_certificate can be run (which is not the case for RHEL7, see #34054).
* Add comment on why docker-based CI runs are skipped.
(cherry picked from commit 04bfec9dfe)
* Ensure play order is obeyed
it was being ignored depending on other options
also added tests for each order (except shuffle) both serial and not
fixes#49846
(cherry picked from commit cfba6dfe91)
* OpenSUSE - Add OpenSUSE 15 test containers ci_complete
* Reset matrix back to normal
* Set container version instead of latest
* Remove old Docker completion file
(cherry picked from commit 3635c59b23)
* test - add setup target that creates the nobody user
* do not set explicit gid/uid for nobody user
* Do no create group and only touch basic attributes
(cherry picked from commit 17bfc60423)
* Properly handle unauthenticated yum proxy config (#51915)
Fixes#51548
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit 2721ed260e)
* Fix: Yum module does not use proxy when username is not set #51548 (#51994)
* add test of yum with proxy
* Properly handle unauthenticated yum proxy config
Fixes#51548
* shell executable is bash
(cherry picked from commit c2a409a9e0)
* Disallow use of remote home directories containing .. in their path
* Add CVE to changelog
(cherry picked from commit b34d141)
Co-authored-by: Matt Martz <matt@sivel.net>
* Test out Server 2019 - ci_complete
* run tests and continue on error - ci_complete
* Add the full matrix back in
(cherry picked from commit 0334c20630)
* aws_ec2 Implement the missing 'region discovery' (#51333)
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* Allow default regions list to use flexible credential types
* recent changes to args for hosted template file broke the test; changed test to use a specific known-working commit instead of `master`.
* long-term may want to consider hosting the template in httptester or just embedding a local copy
(cherry picked from commit 46bf387)
Co-authored-by: Matt Davis <mrd@redhat.com>
* remove default from delegate_facts to inherit (#45492)
* remove default from delegate_facts to inherit
fixes#45456
* test delegate_facts
* added note about inheritance and defaults
* yamllint
(cherry picked from commit 8743e6ae2e)
* added changelog
* Docs: Add a separate "seealso" section to the module docs
to list related modules and/or related references. This clears up the notes
section for things that are actual notes.
So you can add a section in your module documentation and four types of
references are possible.
seealso:
# Reference by module name
- module: aci_tenant
# Reference by module name, including description
- module: aci_tenant
description: ACI module to create tenants on a Cisco ACI fabric.
# Reference by rST documentation anchor
- ref: aci_guide
description: Detailed information on how to manage your ACI infrastructure using Ansible.
# Reference by Internet resource
- name: APIC Management Information Model reference
description: Complete reference of the APIC object model.
link: https://developer.cisco.com/docs/apic-mim-ref/
This PR also includes:
- Implements ansible-doc support
- Implements schema support for the seealso options
- Updates to the development documentation
- Rename filter convert_symbols_to_format to rst_ify, cfr the existing html_ify and tty_ify filters
- This makes the existing template a lot easier to read and fixes the confusion I had myself rereading the template (again).
- We fixed the possible suboption types (which was limited to 'bool' only)
* Use latest stable instead of devel docs
(cherry picked from commit baf0ad2309)
* ansible-test: Add Ubuntu 18.04 to Shippable CI nodes
* re-add ubuntu1604/3 to matrix
* forgot to add environment for git kill gpg-agent
(cherry picked from commit 828df4b336)
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>.
(cherry picked from commit 9d4c0dc111)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Signed-off-by: Sam Doran <sdoran@redhat.com>
* file - allow touch on files not owned by user
* use Sentinal value and preserved existing args
* Do no instantiate the Sentinel object
(cherry picked from commit 419727a6da)
* Fix subversion integration test on Fedora 29.
This upgrades the sqlite-libs and subversion packages to make sure
that the version of sqlite expected by subversion is installed.
* Fix compatibility with RHEL and CentOS.
(cherry picked from commit d4dbc7f2e0)
Co-authored-by: Matt Clay <matt@mystile.com>
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
(cherry picked from commit eca7c3c8c7)
* [docker_container] Failing on non-string env values (#49843)
* [docker_container] Failing on non-string env values
Fixes#49802
* Clarify failure message
Co-Authored-By: DBendit <David@ibendit.com>
* Fixup from review
(cherry picked from commit d62d7176b0)
* Turn fail into warning for 2.7 backport.
* Fix test for backport
The behaviour in the backport is to warn rather than error
* Move var_blending test inventory into test.
* Remove Amazon specific inventory entry for tests.
* Remove Azure specific inventory entry for tests.
* Move var_precedence test inventory into test.
* Move unicode test inventory into test.
* Remove unused inventory entry.
* Move gathering_facts test inventory into test.
* Move delegate_to test inventory into test.
* Clean up inventory for binary_modules test.
* Clean up integration test inventory..
(cherry picked from commit e5094e8071)
Co-authored-by: Matt Clay <matt@mystile.com>
Download package from S3 since the previous location no longer exists.
(cherry picked from commit fd56788a14)
Co-authored-by: Matt Clay <matt@mystile.com>
* Expand user and variables in ca_certificates paths.
This is a fix specific for stable-2.7. In devel (and stable-2.8),
this problem is fixed by #48473. That PR adds argument spec
validation for list elements.
* Add changelog.
* Minor cleanup of code-smell tests.
* Add exception handling for YAML load..
(cherry picked from commit e7426e3795)
Co-authored-by: Matt Clay <matt@mystile.com>
* resolved conflicst
* adding fragment
* generalize using rest api
* make vmss smaller
* even smaller
* size can't be smaller
* removed some unnecessary things
* removed too much
* additional fix needed
* Ensure that the src file contents is converted to unicode in diff info. Fixes#45717
* Fix up and cleanup
* The diff functionality in the callback plugins should have the
to_text() calls removed since we're now doing it in ActionBase
* catching of UnicodeError and warnings in the callback diff
functionality from 61d01f549f haven't been
needed since we switched to to_text so remove them.
* Add a note to ActionBase's diff function giving an example of when the
diff function will be inaccurate and how to fix it
* Fix callback get_diff() tests
I believe the unittests of callback's get_diff() were wrong. They were
sending in a list where strings were expected. Because previous code
was transforming the lists into strings via their repr, the previous
tests did not fail but they would have formatted the test cases output
in an odd way if we had looked at it.
(cherry picked from commit 95e77ac)
Co-authored-by: Matt Martz <matt@sivel.net>
* set ansible_os_family from name variable in os-release for clearlinux OS (#49639)
* set ansible_os_family from name variable in os-release for clearlinux system
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
* Add os_family for clear linux and clear linux mixes
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
(cherry picked from commit 9202ef60b0)
* Adding Changelog fragment
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
The API docs state that both `branch` and `branchName` are valid,
but only `branchName` appears to work.
(cherry picked from commit 31c1bdd6a8)
Co-authored-by: Matt Clay <matt@mystile.com>
* fix order of dnf api operations so transactions don't fail
Previously dnf.base.fill_sack() was called before
dnf.base.update_cache() which apparently breaks dnf transaction
logic as per https://bugzilla.redhat.com/show_bug.cgi?id=1658694Fixes#49060
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog and test case
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit ca084889c7)
* Fix mandatory statement error for junos modules
Fixes#40267
* Add error regex in junos terminal plugin to error out
in case of commit fails
* If commit fails add logic to discard changes before existing
else next task will result in error
* Add integration test
* Minor update
(cherry picked from commit cc8e90395a)
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
(cherry picked from commit 31c11de2af)
* Implement the change in behaviour mentioned in the previous commit
(cherry picked from commit a4141cfa2e)
* Fix comment to reflect what the code does
(cherry picked from commit 150f5cb232)
* Set the correct return message.
In these cases, the lines are added, not replaced.
(cherry picked from commit 3216c31401)
* Add a changelog
(cherry picked from commit c39cf6b332)
* Fix various bugs related in reboot
- Use format strings for consistency and improve debug log messages
- Use local variables instead of class attributes in order to be thread safe
- Run setup module to get distribution and version
- Run find module to get full path of shutdown command
- Use ansible_os_family and ansible_distribution to find commands and args
- Use same command for all Solaris/SunOS distributions
- Move delay calculations to properties
- Reliably check for module run failure
- Fix bug in run_test_command() that accidentally made the method work properly
- Use better exceptions rather than Exception
- Use dict literals rather than constructors
- Correct _check_delay() so it always returns a value, not None
- Don't store and return result in run_test_command() because it's not used anywhere
- add test for post reboot command that fails
- test negative values for delay parameters.
(cherry picked from commit c1589c33c4)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add `env` command to ansible-test and run in CI.
* Avoid unnecessary docker pull.
(cherry picked from commit 01833b6fb1)
Co-authored-by: Matt Clay <matt@mystile.com>
Anton Roman